LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2002-1119
CVE STATUS: Patched
CVE SUMMARY: os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1119

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2004-0150
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0150

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2005-0089
CVE STATUS: Patched
CVE SUMMARY: The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0089

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2006-1542
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected.
CVSS v2 BASE SCORE: 3.7
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1542

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2006-4980
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4980

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2007-1657
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1657

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2007-2052
CVE STATUS: Patched
CVE SUMMARY: Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2052

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2007-4559
CVE STATUS: Ignored
CVE DETAIL: disputed
CVE DESCRIPTION: Upstream consider this expected behaviour
CVE SUMMARY: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4559

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2007-4965
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4965

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2008-1679
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1679

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2008-1721
CVE STATUS: Patched
CVE SUMMARY: Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1721

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2008-1887
CVE STATUS: Patched
CVE SUMMARY: Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1887

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2008-2315
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2315

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2008-2316
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2316

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2008-3142
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3142

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2008-3143
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3143

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2008-3144
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3144

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2008-4108
CVE STATUS: Patched
CVE SUMMARY: Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4108

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2008-4864
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4864

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2008-5031
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5031

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2008-5983
CVE STATUS: Patched
CVE SUMMARY: Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5983

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2009-4134
CVE STATUS: Patched
CVE SUMMARY: Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4134

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2010-1449
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1449

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2010-1450
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1450

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2010-1634
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1634

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2010-2089
CVE STATUS: Patched
CVE SUMMARY: The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2089

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2010-3492
CVE STATUS: Patched
CVE SUMMARY: The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3492

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2010-3493
CVE STATUS: Patched
CVE SUMMARY: Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3493

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2011-1015
CVE STATUS: Patched
CVE SUMMARY: The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1015

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2011-1521
CVE STATUS: Patched
CVE SUMMARY: The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1521

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2011-4940
CVE STATUS: Patched
CVE SUMMARY: The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
CVSS v2 BASE SCORE: 2.6
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4940

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2011-4944
CVE STATUS: Patched
CVE SUMMARY: Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
CVSS v2 BASE SCORE: 1.9
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4944

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2012-0845
CVE STATUS: Patched
CVE SUMMARY: SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0845

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2012-0876
CVE STATUS: Patched
CVE SUMMARY: The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0876

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2012-1150
CVE STATUS: Patched
CVE SUMMARY: Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1150

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2012-2135
CVE STATUS: Patched
CVE SUMMARY: The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2135

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2013-0340
CVE STATUS: Patched
CVE SUMMARY: expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0340

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2013-1753
CVE STATUS: Patched
CVE SUMMARY: The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1753

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2013-2099
CVE STATUS: Patched
CVE SUMMARY: Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2099

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2013-4238
CVE STATUS: Patched
CVE SUMMARY: The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4238

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2013-7040
CVE STATUS: Patched
CVE SUMMARY: Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7040

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2013-7338
CVE STATUS: Patched
CVE SUMMARY: Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7338

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2013-7440
CVE STATUS: Patched
CVE SUMMARY: The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7440

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2014-0224
CVE STATUS: Patched
CVE SUMMARY: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 7.4
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0224

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2014-1912
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1912

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2014-2667
CVE STATUS: Patched
CVE SUMMARY: Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2667

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2014-4616
CVE STATUS: Patched
CVE SUMMARY: Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4616

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2014-4650
CVE STATUS: Patched
CVE SUMMARY: The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4650

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2014-7185
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7185

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2014-9365
CVE STATUS: Patched
CVE SUMMARY: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9365

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2015-1283
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1283

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2015-20107
CVE STATUS: Ignored
CVE DETAIL: upstream-wontfix
CVE DESCRIPTION: The mailcap module is insecure by design, so this can't be fixed in a meaningful way
CVE SUMMARY: In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
CVSS v2 BASE SCORE: 8.0
CVSS v3 BASE SCORE: 7.6
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:C/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-20107

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2015-5652
CVE STATUS: Patched
CVE SUMMARY: Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point."
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5652

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2016-0718
CVE STATUS: Patched
CVE SUMMARY: Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0718

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2016-0772
CVE STATUS: Patched
CVE SUMMARY: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0772

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2016-1000110
CVE STATUS: Patched
CVE SUMMARY: The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 6.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1000110

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2016-2183
CVE STATUS: Patched
CVE SUMMARY: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2183

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2016-3189
CVE STATUS: Patched
CVE SUMMARY: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3189

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.12.6
CVE: CVE-2016-4472
CVE STATUS: Patched
CVE SUMMARY: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4472 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2016-5636 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5636 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2016-5699 CVE STATUS: Patched CVE SUMMARY: CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5699 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2016-9063 CVE STATUS: Patched CVE SUMMARY: An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9063 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2017-1000158 CVE STATUS: Patched CVE SUMMARY: CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in a heap-based buffer overflow (and possible arbitrary code execution). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000158 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2017-17522 CVE STATUS: Patched CVE SUMMARY: Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17522 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2017-18207 CVE STATUS: Patched CVE SUMMARY: The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions."
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18207 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2017-20052 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-20052 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2017-9233 CVE STATUS: Patched CVE SUMMARY: XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9233 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2018-1000030 CVE STATUS: Patched CVE SUMMARY: Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable, and it appears that Python 2.7.17 and prior may also be vulnerable; however, this has not been confirmed. The vulnerability arises when multiple threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread 1 is already writing to the buffer without knowing how much to write.
So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability because the attacker must already be able to run code; however, in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, so the DWF feels this issue deserves a CVE. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 3.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000030 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2018-1000117 CVE STATUS: Patched CVE SUMMARY: Python Software Foundation CPython versions from 3.2 until 3.6.4 on Windows contain a Buffer Overflow vulnerability in the os.symlink() function on Windows that can result in arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker-controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000117 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2018-1000802 CVE STATUS: Patched CVE SUMMARY: Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appears to be exploitable via passage of unfiltered user input to the function.
This vulnerability appears to have been fixed in commit add531a1e55b0a739b0f42582f1c9747e5649ace. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000802 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2018-1060 CVE STATUS: Patched CVE SUMMARY: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in poplib's apop() method. An attacker could use this flaw to cause denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1060 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2018-1061 CVE STATUS: Patched CVE SUMMARY: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1061 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2018-14647 CVE STATUS: Patched CVE SUMMARY: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14647 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2018-20406 CVE STATUS: Patched CVE SUMMARY: Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20406 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2018-20852 CVE STATUS: Patched CVE SUMMARY: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. 
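The CVE-2018-20852 entry above describes a suffix test that ignores label boundaries. The following is an added example, not CPython's code and not part of this report: it reproduces the flawed rule, implements the RFC 6265 boundary-aware rule, and asks the fixed http.cookiejar policy (the domain_return_ok method named in the entry) the same question. The hostnames are constructed for the demonstration.

```python
"""Cookie domain matching, added example for CVE-2018-20852 (not CPython's
own code). A bare suffix test lets pythonicexample.com receive cookies that
were scoped to example.com; matching must occur on a label boundary.
Hostnames below are constructed for the demo."""

from http.cookiejar import DefaultCookiePolicy
from urllib.request import Request


def naive_domain_match(request_host: str, cookie_domain: str) -> bool:
    """The pre-3.7.3 rule reproduced: plain suffix test, no boundary check.
    Do not use; shown only to make the bypass visible."""
    return request_host.lower().endswith(cookie_domain.lower())


def strict_domain_match(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain matching: the request host equals the
    cookie domain or ends with '.' + domain, so a match can only happen at a
    label boundary. A leading dot on the cookie domain (Netscape style) is
    ignored, as the stdlib does."""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    return host == domain or host.endswith("." + domain)


def stdlib_allows(cookie_domain: str, url: str) -> bool:
    """Ask the fixed http.cookiejar policy whether cookies for cookie_domain
    may be returned to a request for url. domain_return_ok() is the policy's
    cheap pre-filter; return_ok() applies the remaining per-cookie checks
    before anything is attached to a request."""
    return DefaultCookiePolicy().domain_return_ok(cookie_domain, Request(url))
```

With the naive rule, a request to pythonicexample.com matches the example.com cookie domain; with the strict rule and with current http.cookiejar it does not, while www.example.com still matches.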
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20852 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2018-25032 CVE STATUS: Patched CVE SUMMARY: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25032 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-10160 CVE STATUS: Patched CVE SUMMARY: A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10160 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-12900 CVE STATUS: Patched CVE SUMMARY: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12900 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-13404 CVE STATUS: Patched CVE SUMMARY: The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13404 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-15903 CVE STATUS: Patched CVE SUMMARY: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15903 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-16056 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. 
An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16056 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-16935 CVE STATUS: Patched CVE SUMMARY: The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16935 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-17514 CVE STATUS: Patched CVE SUMMARY: library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17514 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-18348 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: This is not exploitable when glibc has CVE-2016-10739 fixed CVE SUMMARY: An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.) This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18348 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-20907 CVE STATUS: Patched CVE SUMMARY: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20907 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-5010 CVE STATUS: Patched CVE SUMMARY: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6.
A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5010 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-9636 CVE STATUS: Patched CVE SUMMARY: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9636 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-9674 CVE STATUS: Patched CVE SUMMARY: Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. 
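The CVE-2019-9674 entry above (zipfile resource consumption via a ZIP bomb) is a class of problem the library cannot solve on its own: the caller has to bound what it is willing to inflate. The following is an added example, not CPython's code and not part of this report. It checks the sizes declared in the central directory before extracting, then streams a member out with a hard byte cap that does not trust those headers. The archives are built in memory for the demonstration; the limits are illustrative values, not recommendations from the report.

```python
"""Bounded zip inspection and extraction, added example for CVE-2019-9674
(not CPython's own code). Header sizes are attacker-controlled, so the
declared-size check is a cheap first filter and the streamed extraction
keeps its own cap. Archives below are constructed for the demo."""

import io
import zipfile


class ArchiveRejected(Exception):
    pass


def check_zip(data: bytes, max_total_bytes: int, max_ratio: float = 100.0,
              max_members: int = 10_000) -> int:
    """Return the total declared uncompressed size if within limits.
    Nothing is inflated here; only central-directory metadata is read."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > max_members:
            raise ArchiveRejected(f"too many members: {len(infos)}")
        for info in infos:
            if info.file_size > max_total_bytes:
                raise ArchiveRejected(f"{info.filename}: declared size too large")
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > max_ratio:
                raise ArchiveRejected(f"{info.filename}: ratio {ratio:.0f}:1")
            total += info.file_size
            if total > max_total_bytes:
                raise ArchiveRejected("total declared size over limit")
    return total


def is_acceptable(data: bytes, max_total_bytes: int) -> bool:
    try:
        check_zip(data, max_total_bytes)
        return True
    except ArchiveRejected:
        return False


def extract_member(data: bytes, name: str, max_bytes: int) -> bytes:
    """Stream one member out, stopping as soon as the cap is exceeded, so a
    lying header cannot make the process inflate more than max_bytes."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as fh:
        while chunk := fh.read(65536):
            if out.tell() + len(chunk) > max_bytes:
                raise ArchiveRejected(f"{name}: exceeded {max_bytes} bytes")
            out.write(chunk)
    return out.getvalue()


def fits_within(data: bytes, name: str, max_bytes: int) -> bool:
    try:
        extract_member(data, name, max_bytes)
        return True
    except ArchiveRejected:
        return False


def make_zip(members: dict[str, bytes]) -> bytes:
    """Constructed sample input: a DEFLATE archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


BENIGN = make_zip({"readme.txt": b"hello, world\n"})
# 1 MiB of zeros deflates to about 1 KiB, a ratio near 1000:1.
BOMBLIKE = make_zip({"zeros.bin": b"\0" * (1 << 20)})
```

The same declared-size reasoning applies to tarfile (TarInfo.size), but the streaming cap is the part that actually holds, because both formats let the producer write whatever sizes they like into the headers.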
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9674 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-9740 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9740 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-9947 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9947 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2019-9948 CVE STATUS: Patched CVE SUMMARY: urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9948 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2020-10735 CVE STATUS: Patched CVE SUMMARY: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10735 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2020-14422 CVE STATUS: Patched CVE SUMMARY: Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. 
This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14422 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2020-15523 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only applies on Windows CVE SUMMARY: In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15523 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2020-15801 CVE STATUS: Patched CVE SUMMARY: In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The ._pth file (e.g., the python._pth file) is not affected. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15801 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2020-26116 CVE STATUS: Patched CVE SUMMARY: http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 7.2 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26116 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2020-27619 CVE STATUS: Patched CVE SUMMARY: In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27619 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2020-8315 CVE STATUS: Patched CVE SUMMARY: In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8315 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2020-8492 CVE STATUS: Patched CVE SUMMARY: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8492 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2021-23336 CVE STATUS: Patched CVE SUMMARY: The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. 
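The CVE-2021-23336 entry above turns on two components splitting the same query string differently. The following is an added example, not CPython's code and not part of this report: it models a proxy cache key that splits on '&' only, reproduces the pre-fix backend that also split on ';', and shows the fixed behaviour. The proxy model, path, parameter names and query are constructed for the demonstration.

```python
"""Parameter cloaking, added example for CVE-2021-23336 (not CPython's own
code). A proxy that splits the query on '&' and a backend that also splits
on ';' disagree about which parameters exist, so the cache key can omit a
parameter the backend acts on. Models and inputs are constructed."""

from urllib.parse import parse_qs, urlencode


def cache_key(path: str, query: str, keyed: tuple[str, ...]) -> str:
    """Model of a proxy cache key: path plus the keyed parameters only,
    with the query split on '&' (the proxy behaviour the CVE describes)."""
    params = parse_qs(query, separator="&", keep_blank_values=True)
    kept = {k: params[k] for k in keyed if k in params}
    return path + "?" + urlencode(kept, doseq=True)


def backend_params_legacy(query: str) -> dict[str, list[str]]:
    """Pre-fix behaviour reproduced: both '&' and ';' separate pairs.
    Current parse_qs takes exactly one separator, so the old split is
    emulated by rewriting ';' to '&' first. Do not use."""
    return parse_qs(query.replace(";", "&"), keep_blank_values=True)


def backend_params_fixed(query: str) -> dict[str, list[str]]:
    """Behaviour since the fix: '&' only, which matches the proxy."""
    return parse_qs(query, separator="&", keep_blank_values=True)


def cloaking_possible(query: str) -> bool:
    """True when the legacy backend sees a parameter name the proxy's
    '&'-only view never saw, i.e. the cache key cannot account for it."""
    proxy_view = parse_qs(query, separator="&", keep_blank_values=True)
    return not set(backend_params_legacy(query)) <= set(proxy_view)


# Constructed request: 'utm_source' is an unkeyed tracking parameter the
# proxy ignores, and 'user=admin' is hidden behind a ';' inside its value.
ATTACK_QUERY = "page=1&utm_source=x;user=admin"
```

For the constructed query the proxy keys the response on page=1 alone, the legacy backend renders it for user=admin, and that response is then served from cache to everyone requesting page=1; with the '&'-only split the backend sees no user parameter at all.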
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23336 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2021-28861 CVE STATUS: Patched CVE SUMMARY: Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py because it does not guard against multiple slashes (/) at the beginning of the URI path, which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28861 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2021-29921 CVE STATUS: Patched CVE SUMMARY: In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29921 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2021-3177 CVE STATUS: Patched CVE SUMMARY: Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
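The CVE-2021-29921 entry above is a parser-disagreement bug: the same string means one address to ipaddress and another to the C library. The following is an added example, not CPython's code and not part of this report. It reproduces the lenient pre-3.9.5 octet parsing, shows the strict parse that current ipaddress performs, and wires both into an allow-list check so the bypass is visible. The networks and inputs are constructed for the demonstration.

```python
"""Leading-zero IP confusion, added example for CVE-2021-29921 (not
CPython's own code). '010.8.8.8' is 10.8.8.8 to a decimal parser and
8.8.8.8 to an inet_aton-style parser that reads a leading zero as octal;
an ACL that uses the first reading while the socket layer uses the second
is bypassable. Networks and inputs below are constructed for the demo."""

import ipaddress
import socket
from typing import Optional

ALLOWED = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.0/24"),
)


def lenient_parse(text: str) -> Optional[ipaddress.IPv4Address]:
    """Pre-3.9.5 behaviour reproduced: each octet is int() of its digits, so
    leading zeros are silently dropped. Do not use."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 < len(p) <= 3 for p in parts):
        return None
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        return None
    return ipaddress.IPv4Address(".".join(map(str, octets)))


def strict_parse(text: str) -> Optional[ipaddress.IPv4Address]:
    """Current ipaddress raises ValueError for any octet with a leading
    zero, so an ambiguous string never reaches the comparison."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    return addr if isinstance(addr, ipaddress.IPv4Address) else None


def libc_reading(text: str) -> str:
    """What the platform's inet_aton makes of the same string. On glibc and
    BSD libc a leading zero selects octal, so '010.8.8.8' becomes 8.8.8.8.
    Platform dependent; shown only to explain the mismatch."""
    try:
        return socket.inet_ntoa(socket.inet_aton(text))
    except OSError:
        return "invalid"


def is_allowed(text: str) -> bool:
    """Strict allow-list check: reject anything that does not parse cleanly."""
    addr = strict_parse(text)
    return addr is not None and any(addr in net for net in ALLOWED)


def is_allowed_lenient(text: str) -> bool:
    """The bypassable check: '010.8.8.8' is accepted as 10.8.8.8 even though
    the connection may actually go to 8.8.8.8."""
    addr = lenient_parse(text)
    return addr is not None and any(addr in net for net in ALLOWED)
```

The lesson generalises beyond leading zeros: any time two components parse the same identifier, the check must use the same parser as the component that acts on it, or reject every string that is not in canonical form.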
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3177
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2021-3426 CVE STATUS: Patched CVE SUMMARY: There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3426
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2021-3733 CVE STATUS: Patched CVE SUMMARY: There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3733
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2021-3737 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Python. An improperly handled HTTP response in the HTTP client code of Python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time.
The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3737
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2021-4189 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4189
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2022-0391 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0391
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2022-26488 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only applies on Windows CVE SUMMARY: In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-26488
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2022-37454 CVE STATUS: Patched CVE SUMMARY: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-37454
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2022-42919 CVE STATUS: Patched CVE SUMMARY: Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration.
The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42919
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2022-45061 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-45061
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2022-48560 CVE STATUS: Patched CVE SUMMARY: A use-after-free exists in Python through 3.9 via heappushpop in heapq. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48560
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2022-48564 CVE STATUS: Patched CVE SUMMARY: read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48564
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2022-48565 CVE STATUS: Patched CVE SUMMARY: An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48565
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2022-48566 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48566
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2023-24329 CVE STATUS: Patched CVE SUMMARY: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24329
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2023-27043 CVE STATUS: Patched CVE SUMMARY: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-27043
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2023-33595 CVE STATUS: Patched CVE SUMMARY: CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33595
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2023-36632 CVE STATUS: Ignored CVE DETAIL: disputed CVE DESCRIPTION: Not an issue, in fact expected behaviour CVE SUMMARY: The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-36632
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2023-38898 CVE STATUS: Patched CVE SUMMARY: An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component.
NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38898
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2023-40217 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40217
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2023-41105 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-41105
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2023-6507 CVE STATUS: Patched CVE SUMMARY: An issue was found in the CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (i.e. `extra_groups=[]`), the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original process's groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6507
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2024-6232 CVE STATUS: Patched CVE SUMMARY: There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-6232
LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.6 CVE: CVE-2024-7592 CVE STATUS: Patched CVE SUMMARY: There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-7592
LAYER: meta PACKAGE NAME: python3-requests PACKAGE VERSION: 2.31.0 CVE: CVE-2014-1829 CVE STATUS: Patched CVE SUMMARY: Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1829
LAYER: meta PACKAGE NAME: python3-requests PACKAGE VERSION: 2.31.0 CVE: CVE-2014-1830 CVE STATUS: Patched CVE SUMMARY: Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1830
LAYER: meta PACKAGE NAME: python3-requests PACKAGE VERSION: 2.31.0 CVE: CVE-2015-2296 CVE STATUS: Patched CVE SUMMARY: The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2296
LAYER: meta PACKAGE NAME: python3-requests PACKAGE VERSION: 2.31.0 CVE: CVE-2018-18074 CVE STATUS: Patched CVE SUMMARY: The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18074
LAYER: meta PACKAGE NAME: python3-requests PACKAGE VERSION: 2.31.0 CVE: CVE-2021-21674 CVE STATUS: Patched CVE SUMMARY: A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21674
LAYER: meta PACKAGE NAME: python3-requests PACKAGE VERSION: 2.31.0 CVE: CVE-2021-21675 CVE STATUS: Patched CVE SUMMARY: A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21675
LAYER: meta PACKAGE NAME: python3-requests PACKAGE VERSION: 2.31.0 CVE: CVE-2021-21676 CVE STATUS: Patched CVE SUMMARY: Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21676
LAYER: meta PACKAGE NAME: python3-requests PACKAGE VERSION: 2.31.0 CVE: CVE-2021-29476 CVE STATUS: Patched CVE SUMMARY: Requests is an HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29476
LAYER: meta PACKAGE NAME: python3-requests PACKAGE VERSION: 2.31.0 CVE: CVE-2022-34782 CVE STATUS: Patched CVE SUMMARY: An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-34782
LAYER: meta PACKAGE NAME: python3-requests PACKAGE VERSION: 2.31.0 CVE: CVE-2023-32681 CVE STATUS: Patched CVE SUMMARY: Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint.
This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However, when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32681
LAYER: meta PACKAGE NAME: strace PACKAGE VERSION: 6.7 CVE: CVE-2000-0006 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: CVE is more than 20 years old with no resolution evident. Broken links in CVE database references make resolution impractical. CVE SUMMARY: strace allows local users to read arbitrary files via memory mapped file names. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0006
LAYER: meta PACKAGE NAME: libxcb PACKAGE VERSION: 1.16 CVE: CVE-2013-2064 CVE STATUS: Patched CVE SUMMARY: Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2064
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2007-4974 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4974
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2009-0186 CVE STATUS: Patched CVE SUMMARY: Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0186
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2009-1788 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1788
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2009-1791 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1791
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2009-4835 CVE STATUS: Patched CVE SUMMARY: The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4835
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2011-2696 CVE STATUS: Patched CVE SUMMARY: Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2696
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2014-9496 CVE STATUS: Patched CVE SUMMARY: The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9496
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2014-9756 CVE STATUS: Patched CVE SUMMARY: The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9756
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2015-7805 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7805
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-12562 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12562
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-14245 CVE STATUS: Patched CVE SUMMARY: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14245
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-14246 CVE STATUS: Patched CVE SUMMARY: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14246
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-14634 CVE STATUS: Patched CVE SUMMARY: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14634
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-16942 CVE STATUS: Patched CVE SUMMARY: In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16942
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-6892 CVE STATUS: Patched CVE SUMMARY: In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6892
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-7585 CVE STATUS: Patched CVE SUMMARY: In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7585
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-7586 CVE STATUS: Patched CVE SUMMARY: In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7586
LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-7741 CVE STATUS: Patched CVE SUMMARY: In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7741 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-7742 CVE STATUS: Patched CVE SUMMARY: In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7742 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-8361 CVE STATUS: Patched CVE SUMMARY: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8361 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-8362 CVE STATUS: Patched CVE SUMMARY: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8362 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-8363 CVE STATUS: Patched CVE SUMMARY: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8363 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2017-8365 CVE STATUS: Patched CVE SUMMARY: The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8365 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2018-13139 CVE STATUS: Patched CVE SUMMARY: A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13139 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2018-13419 CVE STATUS: Patched CVE SUMMARY: An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13419 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2018-19432 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19432 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2018-19661 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19661 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2018-19662 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19662 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2018-19758 CVE STATUS: Patched CVE SUMMARY: There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19758 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2019-3832 CVE STATUS: Patched CVE SUMMARY: It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. 
CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3832 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2021-3246 CVE STATUS: Patched CVE SUMMARY: A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3246 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2021-4156 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4156 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2022-33064 CVE STATUS: Patched CVE SUMMARY: An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-33064 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2022-33065 CVE STATUS: Patched CVE SUMMARY: Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-33065 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2024-50612 CVE STATUS: Unpatched CVE SUMMARY: libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-50612 LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2024-50613 CVE STATUS: Unpatched CVE SUMMARY: libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-50613 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2008-5516 CVE STATUS: Patched CVE SUMMARY: The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5516 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2010-2542 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2542 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2010-3906 CVE STATUS: Patched CVE SUMMARY: Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3906 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2013-0308 CVE STATUS: Patched CVE SUMMARY: The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0308 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2014-9390 CVE STATUS: Patched CVE SUMMARY: Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9390 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2014-9938 CVE STATUS: Patched CVE SUMMARY: contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9938 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2016-2315 CVE STATUS: Patched CVE SUMMARY: revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2315 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2016-2324 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2324 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2017-1000117 CVE STATUS: Patched CVE SUMMARY: A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000117 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2017-14867 CVE STATUS: Patched CVE SUMMARY: Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. 
CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14867 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2017-15298 CVE STATUS: Patched CVE SUMMARY: Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15298 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2018-1000021 CVE STATUS: Patched CVE SUMMARY: GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appears to be exploitable when the user interacts with a malicious git server (or has their traffic modified in a MITM attack). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2018-11233 CVE STATUS: Patched CVE SUMMARY: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11233 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2018-11235 CVE STATUS: Patched CVE SUMMARY: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11235 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2018-17456 CVE STATUS: Patched CVE SUMMARY: Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17456 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2018-19486 CVE STATUS: Patched CVE SUMMARY: Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19486 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2019-1348 CVE STATUS: Patched CVE SUMMARY: An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1348 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2019-1353 CVE STATUS: Patched CVE SUMMARY: An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1353 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2019-1387 CVE STATUS: Patched CVE SUMMARY: An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1387 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2019-19604 CVE STATUS: Patched CVE SUMMARY: Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19604 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2020-11008 CVE STATUS: Patched CVE SUMMARY: Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. 
The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's "store" helper - Git's "cache" helper - the "osxkeychain" helper that ships in Git's "contrib" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11008 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2020-5260 CVE STATUS: Patched CVE SUMMARY: Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. 
The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-5260 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2021-21300 CVE STATUS: Patched CVE SUMMARY: Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaround, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.6.
CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21300 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2021-40330 CVE STATUS: Patched CVE SUMMARY: git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-40330 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-23521 CVE STATUS: Patched CVE SUMMARY: Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequently, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23521 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-24765 CVE STATUS: Patched CVE SUMMARY: Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-git are vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24765 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-24975 CVE STATUS: Patched CVE SUMMARY: The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue.
This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24975 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-29187 CVE STATUS: Patched CVE SUMMARY: Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29187 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-39253 CVE STATUS: Patched CVE SUMMARY: Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. 
When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39253 LAYER: meta PACKAGE NAME: git PACKAGE VERSION: 2.44.1 CVE: CVE-2022-39260 CVE STATUS: Patched CVE SUMMARY: Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. 
In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39260

LAYER: meta
PACKAGE NAME: git
PACKAGE VERSION: 2.44.1
CVE: CVE-2022-41903
CVE STATUS: Patched
CVE SUMMARY: Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution.
The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41903

LAYER: meta
PACKAGE NAME: git
PACKAGE VERSION: 2.44.1
CVE: CVE-2022-41953
CVE STATUS: Patched
CVE SUMMARY: Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable _always includes the current directory_. Therefore, malicious repositories can ship with an `aspell.exe` in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code. This issue has been addressed in version 2.39.1. Users are advised to upgrade. Users unable to upgrade should avoid using Git GUI for cloning. If that is not a viable option, at least avoid cloning from untrusted sources.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41953

LAYER: meta
PACKAGE NAME: git
PACKAGE VERSION: 2.44.1
CVE: CVE-2023-22490
CVE STATUS: Patched
CVE SUMMARY: Git is a revision control system.
Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-22490

LAYER: meta
PACKAGE NAME: git
PACKAGE VERSION: 2.44.1
CVE: CVE-2023-23946
CVE STATUS: Patched
CVE SUMMARY: Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8.
As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-23946

LAYER: meta
PACKAGE NAME: git
PACKAGE VERSION: 2.44.1
CVE: CVE-2023-25652
CVE STATUS: Patched
CVE SUMMARY: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25652

LAYER: meta
PACKAGE NAME: git
PACKAGE VERSION: 2.44.1
CVE: CVE-2023-29007
CVE STATUS: Patched
CVE SUMMARY: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule.
When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29007

LAYER: meta
PACKAGE NAME: gconf
PACKAGE VERSION: 3.2.6
CVE: CVE-2006-6698
CVE STATUS: Patched
CVE SUMMARY: The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome.
CVSS v2 BASE SCORE: 1.9
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6698

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2004-0691
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0691

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2004-0692
CVE STATUS: Patched
CVE SUMMARY: The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0692

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2004-0693
CVE STATUS: Patched
CVE SUMMARY: The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0693

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2005-0627
CVE STATUS: Patched
CVE SUMMARY: Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0627

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2006-4811
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4811

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2007-0242
CVE STATUS: Patched
CVE SUMMARY: The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0242

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2007-3388
CVE STATUS: Patched
CVE SUMMARY: Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3388

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2007-4137
CVE STATUS: Patched
CVE SUMMARY: Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4137

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2009-2700
CVE STATUS: Patched
CVE SUMMARY: src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2700

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2010-1766
CVE STATUS: Patched
CVE SUMMARY: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1766

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2010-2621
CVE STATUS: Patched
CVE SUMMARY: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2621

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2010-5076
CVE STATUS: Patched
CVE SUMMARY: QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5076

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2011-3193
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2011-3194
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3194

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2012-5624
CVE STATUS: Patched
CVE SUMMARY: The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5624

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2012-6093
CVE STATUS: Patched
CVE SUMMARY: The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6093

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2013-0254
CVE STATUS: Patched
CVE SUMMARY: The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0254

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2013-4549
CVE STATUS: Patched
CVE SUMMARY: QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4549

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2014-0190
CVE STATUS: Patched
CVE SUMMARY: The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0190

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-0295
CVE STATUS: Patched
CVE SUMMARY: The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0295

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-1290
CVE STATUS: Patched
CVE SUMMARY: The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1290

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-1858
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1858

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-1859
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1859

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-1860
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1860

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-7298
CVE STATUS: Patched
CVE SUMMARY: ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7298

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-9541
CVE STATUS: Patched
CVE SUMMARY: Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9541

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2017-10904
CVE STATUS: Patched
CVE SUMMARY: Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10904

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2017-10905
CVE STATUS: Patched
CVE SUMMARY: A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10905

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2017-15011
CVE STATUS: Patched
CVE SUMMARY: The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15011

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-15518
CVE STATUS: Patched
CVE SUMMARY: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15518

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19865
CVE STATUS: Patched
CVE SUMMARY: A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19865

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19869
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19869

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19870
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19870

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19871
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19871

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19872
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19872

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19873
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19873

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-21035
CVE STATUS: Patched
CVE SUMMARY: In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 8.6
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-21035

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2019-18281
CVE STATUS: Patched
CVE SUMMARY: An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 4.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18281

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-0569
CVE STATUS: Patched
CVE SUMMARY: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
CVSS v2 BASE SCORE: 2.7
CVSS v3 BASE SCORE: 5.7
VECTOR: ADJACENT_NETWORK
VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0569

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-0570
CVE STATUS: Patched
CVE SUMMARY: Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 7.3
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0570

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-12267
CVE STATUS: Patched
CVE SUMMARY: setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12267

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-13962
CVE STATUS: Patched
CVE SUMMARY: Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13962

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-17507
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17507

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-24742
CVE STATUS: Patched
CVE SUMMARY: An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24742

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2021-28025
CVE STATUS: Patched
CVE SUMMARY: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28025

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2021-3481
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.1
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3481

LAYER: meta-qt5
PACKAGE NAME: qtbase
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2021-38593
CVE STATUS: Patched
CVE SUMMARY: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38593 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25255 CVE STATUS: Patched CVE SUMMARY: In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25255 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25634 CVE STATUS: Patched CVE SUMMARY: Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25634 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-40983 CVE STATUS: Patched CVE SUMMARY: An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40983 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-43591 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. 
A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43591 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-24607 CVE STATUS: Patched CVE SUMMARY: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24607 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32573 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32762 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32763 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-33285 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33285 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34410 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Patched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37369 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38197 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43114 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51714 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-25580 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-25580 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-39936 LAYER: meta PACKAGE NAME: patch PACKAGE VERSION: 2.7.6 CVE: CVE-2014-9637 CVE STATUS: Patched CVE SUMMARY: GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9637 LAYER: meta PACKAGE NAME: patch PACKAGE VERSION: 2.7.6 CVE: CVE-2015-1196 CVE STATUS: Patched CVE SUMMARY: GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1196 LAYER: meta PACKAGE NAME: patch PACKAGE VERSION: 2.7.6 CVE: CVE-2015-1395 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:C/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1395 LAYER: meta PACKAGE NAME: patch PACKAGE VERSION: 2.7.6 CVE: CVE-2015-1396 CVE STATUS: Patched CVE SUMMARY: A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. 
CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1396 LAYER: meta PACKAGE NAME: patch PACKAGE VERSION: 2.7.6 CVE: CVE-2016-10713 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10713 LAYER: meta PACKAGE NAME: patch PACKAGE VERSION: 2.7.6 CVE: CVE-2018-1000156 CVE STATUS: Patched CVE SUMMARY: GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156 LAYER: meta PACKAGE NAME: patch PACKAGE VERSION: 2.7.6 CVE: CVE-2018-20969 CVE STATUS: Patched CVE SUMMARY: do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20969 LAYER: meta PACKAGE NAME: patch PACKAGE VERSION: 2.7.6 CVE: CVE-2018-6951 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNU patch through 2.7.6. 
There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6951 LAYER: meta PACKAGE NAME: patch PACKAGE VERSION: 2.7.6 CVE: CVE-2018-6952 CVE STATUS: Patched CVE SUMMARY: A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6952 LAYER: meta PACKAGE NAME: patch PACKAGE VERSION: 2.7.6 CVE: CVE-2019-13636 CVE STATUS: Patched CVE SUMMARY: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13636 LAYER: meta PACKAGE NAME: patch PACKAGE VERSION: 2.7.6 CVE: CVE-2019-13638 CVE STATUS: Patched CVE SUMMARY: GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13638 LAYER: meta PACKAGE NAME: patch PACKAGE VERSION: 2.7.6 CVE: CVE-2019-20633 CVE STATUS: Patched CVE SUMMARY: GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. 
NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20633 LAYER: meta PACKAGE NAME: patch PACKAGE VERSION: 2.7.6 CVE: CVE-2021-45261 CVE STATUS: Patched CVE SUMMARY: An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45261 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2001-1268 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1268 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2001-1269 CVE STATUS: Patched CVE SUMMARY: Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1269 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2003-0282 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence. 
CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0282 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2005-0602 CVE STATUS: Patched CVE SUMMARY: Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0602 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2005-2475 CVE STATUS: Patched CVE SUMMARY: Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2475 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2005-4667 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs. 
CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4667 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2008-0888 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source CVE SUMMARY: The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0888 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2014-8139 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8139 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2014-8140 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8140 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2014-8141 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8141 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2014-9636 CVE STATUS: Patched CVE SUMMARY: unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9636 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2014-9913 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9913 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2015-1315 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1315 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2015-7696 CVE STATUS: Patched CVE SUMMARY: Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7696 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2015-7697 CVE STATUS: Patched CVE SUMMARY: Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7697 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2016-9844 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9844 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2018-1000031 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000031 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2018-1000032 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000032 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2018-1000033 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000033 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2018-1000034 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000034 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2018-1000035 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000035 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2018-18384 CVE STATUS: Patched CVE SUMMARY: Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18384 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2019-13232 CVE STATUS: Patched CVE SUMMARY: Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13232 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2020-36561 CVE STATUS: Patched CVE SUMMARY: Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36561 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2021-4217 CVE STATUS: Patched CVE SUMMARY: A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4217 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2022-0529 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0529 LAYER: meta PACKAGE NAME: unzip PACKAGE VERSION: 1_6.0 CVE: CVE-2022-0530 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0530 LAYER: meta PACKAGE NAME: libxrender PACKAGE VERSION: 1_0.9.11 CVE: CVE-2013-1987 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1987 LAYER: meta PACKAGE NAME: libxrender PACKAGE VERSION: 1_0.9.11 CVE: CVE-2016-7949 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7949 LAYER: meta PACKAGE NAME: libxrender PACKAGE VERSION: 1_0.9.11 CVE: CVE-2016-7950 CVE STATUS: Patched CVE SUMMARY: The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7950 LAYER: meta PACKAGE NAME: iproute2 PACKAGE VERSION: 6.7.0 CVE: CVE-2012-1088 CVE STATUS: Patched CVE SUMMARY: iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1088 LAYER: meta PACKAGE NAME: iproute2 PACKAGE VERSION: 6.7.0 CVE: CVE-2019-20795 CVE STATUS: Patched CVE SUMMARY: iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. 
Even when setuid is used, other factors (such as C library configuration) may block exploitability. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.4 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20795 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0691 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0691 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0692 CVE STATUS: Patched CVE SUMMARY: The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0692 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0693 CVE STATUS: Patched CVE SUMMARY: The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0693 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2005-0627 CVE STATUS: Patched CVE SUMMARY: Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0627 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2006-4811 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4811 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-0242 CVE STATUS: Patched CVE SUMMARY: The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0242 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-3388 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3388 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-4137 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4137 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2009-2700 CVE STATUS: Patched CVE SUMMARY: src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2700 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-1766 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1766 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-2621 CVE STATUS: Patched CVE SUMMARY: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2621 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-5076 CVE STATUS: Patched CVE SUMMARY: QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5076 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3193 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3194 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3194 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-5624 CVE STATUS: Patched CVE SUMMARY: The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5624 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-6093 CVE STATUS: Patched CVE SUMMARY: The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6093 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-0254 CVE STATUS: Patched CVE SUMMARY: The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0254 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-4549 CVE STATUS: Patched CVE SUMMARY: QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4549 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2014-0190 CVE STATUS: Patched CVE SUMMARY: The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0190 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-0295 CVE STATUS: Patched CVE SUMMARY: The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0295 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1290 CVE STATUS: Patched CVE SUMMARY: The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1290 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1858 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1858 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1859 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1859 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1860 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1860 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-7298 CVE STATUS: Patched CVE SUMMARY: ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7298 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-9541 CVE STATUS: Patched CVE SUMMARY: Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9541 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10904 CVE STATUS: Patched CVE SUMMARY: Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10904 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10905 CVE STATUS: Patched CVE SUMMARY: A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10905 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-15011 CVE STATUS: Patched CVE SUMMARY: The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15011 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-15518 CVE STATUS: Patched CVE SUMMARY: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15518 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19865 CVE STATUS: Patched CVE SUMMARY: A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19865 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19869 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19869 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19870 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19870 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19871 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19871 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19872 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19872 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19873 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19873 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-21035 CVE STATUS: Patched CVE SUMMARY: In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-21035 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0569 CVE STATUS: Patched CVE SUMMARY: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0569 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0570 CVE STATUS: Patched CVE SUMMARY: Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0570 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-12267 CVE STATUS: Patched CVE SUMMARY: setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. 
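The WebSocket size limits that CVE-2018-21035 above says Qt could not configure, shown as an added example in plain C++ (this is not Qt's QWebSocket code, which is not reproduced here): the frame header is parsed per RFC 6455 section 5.2 and the declared payload length is checked against a caller-chosen maximum before any buffer is sized from it, and a per-message budget is enforced across fragments the same way. The limits and the sample frame bytes are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Verdict on a frame header, reached before any payload buffer is allocated.
enum class WsParse { Ok, NeedMoreData, TooLarge, Malformed };

struct WsFrameHeader {
    bool fin = false;
    uint8_t opcode = 0;
    bool masked = false;
    uint64_t payloadLen = 0;
    size_t headerLen = 0;   // header bytes, including the masking key if present
};

// Parse a WebSocket frame header (RFC 6455, section 5.2). The declared length is
// validated against maxPayload here, which is the configurable check the advisory
// describes as missing (a fixed 2 GB ceiling instead).
WsParse parseWsFrameHeader(const std::vector<uint8_t>& buf, uint64_t maxPayload, WsFrameHeader& h)
{
    if (buf.size() < 2) return WsParse::NeedMoreData;
    h.fin = (buf[0] & 0x80) != 0;
    h.opcode = buf[0] & 0x0f;
    h.masked = (buf[1] & 0x80) != 0;
    uint64_t len = buf[1] & 0x7f;
    size_t pos = 2;
    if (len == 126) {
        if (buf.size() < 4) return WsParse::NeedMoreData;
        len = (uint64_t(buf[2]) << 8) | buf[3];
        if (len < 126) return WsParse::Malformed;                 // must use the minimal encoding
        pos = 4;
    } else if (len == 127) {
        if (buf.size() < 10) return WsParse::NeedMoreData;
        len = 0;
        for (size_t i = 2; i < 10; ++i) len = (len << 8) | buf[i];
        if (len < 65536 || (len >> 63) != 0) return WsParse::Malformed; // non-minimal, or MSB set
        pos = 10;
    }
    // Control frames (opcode bit 3 set) are limited to 125 bytes and may not be fragmented (section 5.5).
    if ((h.opcode & 0x08) != 0 && (len > 125 || !h.fin)) return WsParse::Malformed;
    if (len > maxPayload) return WsParse::TooLarge;               // reject before sizing any buffer
    if (h.masked) pos += 4;
    h.payloadLen = len;
    h.headerLen = pos;
    return WsParse::Ok;
}

// Enforces a per-message budget across fragments, again on declared sizes only.
class WsMessageBudget {
public:
    explicit WsMessageBudget(uint64_t maxMessage) : max_(maxMessage), total_(0) {}
    // Returns false if accepting this fragment would exceed the message budget.
    bool addFragment(const WsFrameHeader& h) {
        if ((h.opcode & 0x08) != 0) return true;   // control frames are not part of the message
        if (h.payloadLen > max_ - total_) return false;
        total_ += h.payloadLen;
        if (h.fin) total_ = 0;                      // message complete; reset for the next one
        return true;
    }
private:
    uint64_t max_;
    uint64_t total_;
};

// Helpers for callers and tests that only need the verdict or the declared length.
WsParse wsVerdict(const std::vector<uint8_t>& buf, uint64_t maxPayload) {
    WsFrameHeader h;
    return parseWsFrameHeader(buf, maxPayload, h);
}
uint64_t wsDeclaredLen(const std::vector<uint8_t>& buf) {
    WsFrameHeader h;
    return parseWsFrameHeader(buf, UINT64_MAX, h) == WsParse::Ok ? h.payloadLen : 0;
}
// Feeds a sequence of fragment headers through one budget; true if the whole message fits.
bool wsMessageFits(const std::vector<std::vector<uint8_t> >& frames, uint64_t maxMessage) {
    WsMessageBudget budget(maxMessage);
    for (size_t i = 0; i < frames.size(); ++i) {
        WsFrameHeader h;
        if (parseWsFrameHeader(frames[i], UINT64_MAX, h) != WsParse::Ok) return false;
        if (!budget.addFragment(h)) return false;
    }
    return true;
}

int main()
{
    // Stand-alone demonstration: a constructed 2 GiB length claim against a 16 MiB limit.
    const std::vector<uint8_t> huge = { 0x81, 0x7f, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00 };
    std::printf("2 GiB frame against a 16 MiB limit: %s\n",
                wsVerdict(huge, 16u << 20) == WsParse::TooLarge ? "rejected" : "accepted");
    return 0;
}
```

The point of checking the declared length rather than the bytes received is that the attacker only has to send the ten-byte header to make a naive implementation reserve the buffer; the budget must be applied to the claim, not to the data that eventually arrives.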
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12267 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-13962 CVE STATUS: Patched CVE SUMMARY: Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13962 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-17507 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17507 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-24742 CVE STATUS: Patched CVE SUMMARY: An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24742 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-28025 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28025 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-3481 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3481 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-38593 CVE STATUS: Patched CVE SUMMARY: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). 
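CVE-2020-0570 and CVE-2020-24742 above, and CVE-2022-25255 and CVE-2022-25634 below, are one class of bug: a lookup that ends in the working directory. The following is an added example written for this page, not Qt's QProcess or QPluginLoader code: a PATH resolver in plain C++ with the CWD-fallback behaviour beside the hardened form. The executable-existence check is injected so the logic can be exercised against a constructed set of paths; the stand-alone main uses access(2) against the real PATH.

```cpp
#include <cstdio>
#include <cstdlib>
#include <functional>
#include <set>
#include <string>
#include <vector>
#include <unistd.h>

typedef std::function<bool(const std::string&)> ExecutableCheck;

// Split a PATH-style value on ':'. Empty elements are kept so callers can see them:
// execvp() treats "" (as in "/usr/bin::/bin" or a trailing ':') as the current directory.
std::vector<std::string> splitSearchPath(const std::string& path)
{
    std::vector<std::string> dirs;
    std::string cur;
    for (size_t i = 0; i < path.size(); ++i) {
        if (path[i] == ':') { dirs.push_back(cur); cur.clear(); }
        else cur += path[i];
    }
    dirs.push_back(cur);
    return dirs;
}

// Before: the behaviour the advisories describe. An empty PATH element means ".",
// and a program found nowhere on PATH is still tried in the working directory.
bool resolveProgramWithCwdFallback(const std::string& program, const std::string& path,
                                   const ExecutableCheck& isExecutable, std::string& resolved)
{
    if (program.find('/') != std::string::npos) { resolved = program; return isExecutable(program); }
    std::vector<std::string> dirs = splitSearchPath(path);
    for (size_t i = 0; i < dirs.size(); ++i) {
        std::string candidate = (dirs[i].empty() ? std::string(".") : dirs[i]) + "/" + program;
        if (isExecutable(candidate)) { resolved = candidate; return true; }
    }
    resolved = "./" + program;                      // CWD fallback: whoever controls "." wins
    return isExecutable(resolved);
}

// After: empty and relative PATH elements are skipped and there is no CWD fallback.
// An unqualified name that is not on PATH is an error, not a reason to look in ".".
bool resolveProgram(const std::string& program, const std::string& path,
                    const ExecutableCheck& isExecutable, std::string& resolved)
{
    if (program.empty()) return false;
    if (program.find('/') != std::string::npos) {   // caller gave a path: honour it as given
        if (!isExecutable(program)) return false;
        resolved = program;
        return true;
    }
    std::vector<std::string> dirs = splitSearchPath(path);
    for (size_t i = 0; i < dirs.size(); ++i) {
        if (dirs[i].empty() || dirs[i][0] != '/') continue;   // design choice: absolute entries only
        std::string candidate = dirs[i] + "/" + program;
        if (isExecutable(candidate)) { resolved = candidate; return true; }
    }
    return false;
}

// Test helper: a constructed "filesystem" given as the set of executable paths that exist.
std::string resolveWith(bool hardened, const std::string& program, const std::string& path,
                        const std::vector<std::string>& executablesPresent)
{
    std::set<std::string> present(executablesPresent.begin(), executablesPresent.end());
    ExecutableCheck check = [&present](const std::string& p) { return present.count(p) != 0; };
    std::string resolved;
    bool ok = hardened ? resolveProgram(program, path, check, resolved)
                       : resolveProgramWithCwdFallback(program, path, check, resolved);
    return ok ? resolved : std::string();
}

int main(int argc, char** argv)
{
    // Stand-alone use: resolve argv[1] against the real PATH with access(2), never the CWD.
    const char* path = std::getenv("PATH");
    ExecutableCheck check = [](const std::string& p) { return access(p.c_str(), X_OK) == 0; };
    std::string resolved;
    if (argc > 1 && resolveProgram(argv[1], path ? path : "", check, resolved))
        std::printf("%s -> %s\n", argv[1], resolved.c_str());
    else
        std::printf("%s: not found on PATH (the working directory is not searched)\n", argc > 1 ? argv[1] : "");
    return 0;
}
```

Skipping relative PATH entries is stricter than execvp(3) and is a deliberate choice here: a relative entry is just a CWD search spelled differently.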
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38593 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25255 CVE STATUS: Patched CVE SUMMARY: In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25255 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25634 CVE STATUS: Patched CVE SUMMARY: Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25634 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-40983 CVE STATUS: Patched CVE SUMMARY: An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40983 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-43591 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. 
A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43591 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-24607 CVE STATUS: Patched CVE SUMMARY: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24607 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32573 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. 
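The header-name case problem in CVE-2023-32762 above, as an added example in plain C++ written for this page rather than Qt Network's own HSTS code: a lookup that only matches the lowercase spelling, beside a parser that matches the field name and its directives ASCII-case-insensitively as RFC 7230 section 3.2 and RFC 6797 section 6.1 require. The header lists are constructed for the example.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdlib>
#include <string>
#include <utility>
#include <vector>

typedef std::vector<std::pair<std::string, std::string> > HeaderList;

// ASCII case-insensitive equality: the comparison HTTP field names and HSTS directive names need.
bool asciiEqualsIgnoreCase(const std::string& a, const std::string& b)
{
    if (a.size() != b.size()) return false;
    for (size_t i = 0; i < a.size(); ++i)
        if (std::tolower((unsigned char)a[i]) != std::tolower((unsigned char)b[i])) return false;
    return true;
}

// Before: the defect the advisory describes. Only the exact lowercase spelling is recognised,
// so the "Strict-Transport-Security" spelling most servers send is ignored and the client
// keeps allowing plaintext connections to that host.
bool hasHstsHeaderCaseSensitive(const HeaderList& headers)
{
    for (size_t i = 0; i < headers.size(); ++i)
        if (headers[i].first == "strict-transport-security") return true;
    return false;
}

struct HstsPolicy {
    bool present;            // a valid STS field (with max-age) was seen
    uint64_t maxAge;         // seconds; 0 means "stop treating the host as HSTS"
    bool includeSubDomains;
};

static std::string trim(const std::string& s)
{
    size_t b = 0, e = s.size();
    while (b < e && std::isspace((unsigned char)s[b])) ++b;
    while (e > b && std::isspace((unsigned char)s[e - 1])) --e;
    return s.substr(b, e - b);
}

// After: find the field by case-insensitive name and parse its directives case-insensitively.
// Only the first STS field is processed (RFC 6797 section 8.1); a field without a valid
// max-age is ignored entirely; unknown directives are ignored.
HstsPolicy parseHsts(const HeaderList& headers)
{
    const HstsPolicy none = { false, 0, false };
    for (size_t i = 0; i < headers.size(); ++i) {
        if (!asciiEqualsIgnoreCase(headers[i].first, "Strict-Transport-Security")) continue;
        HstsPolicy policy = none;
        bool sawMaxAge = false;
        const std::string& value = headers[i].second;
        size_t start = 0;
        while (start <= value.size()) {
            size_t semi = value.find(';', start);
            std::string directive = trim(value.substr(start, semi == std::string::npos ? std::string::npos : semi - start));
            start = (semi == std::string::npos) ? value.size() + 1 : semi + 1;
            if (directive.empty()) continue;
            size_t eq = directive.find('=');
            std::string name = trim(directive.substr(0, eq));
            std::string arg = (eq == std::string::npos) ? std::string() : trim(directive.substr(eq + 1));
            if (asciiEqualsIgnoreCase(name, "max-age")) {
                if (arg.size() >= 2 && arg[0] == '"' && arg[arg.size() - 1] == '"') arg = arg.substr(1, arg.size() - 2);
                if (arg.empty() || arg.find_first_not_of("0123456789") != std::string::npos) return none;
                policy.maxAge = std::strtoull(arg.c_str(), 0, 10);
                sawMaxAge = true;
            } else if (asciiEqualsIgnoreCase(name, "includeSubDomains")) {
                policy.includeSubDomains = true;
            }
        }
        policy.present = sawMaxAge;
        return policy;   // first STS field only
    }
    return none;
}
```

The same comparison applies to every other security-relevant header a client inspects; a case-sensitive match on one spelling is a silent fail-open, because the policy is simply never stored.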
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32762 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32763 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-33285 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33285 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34410 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37369 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38197 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont or QFontDatabase::addApplicationFontFromData, then it can cause the application to crash because of missing length checks. 
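Entity expansion guards, as an added example covering CVE-2013-4549 and CVE-2015-9541 above (exponential expansion) and CVE-2023-38197 above (infinite loop on a recursive entity). This is plain C++ written for this page, not Qt's QXmlStreamReader or QXmlSimpleReader: a minimal internal-entity expander that caps total expanded size, detects an entity reference cycle and caps nesting depth. The entity tables, including the constructed lol-style expansion bomb, are example inputs.

```cpp
#include <cstddef>
#include <map>
#include <set>
#include <string>

typedef std::map<std::string, std::string> EntityTable;   // internal general entities: name -> replacement text
enum class XmlExpand { Ok, TooLarge, Recursive, TooDeep, Undefined, Malformed };

// Expands &name; references in character data with three guards: a cap on total expanded
// output, detection of an entity that references itself directly or indirectly, and a
// nesting-depth cap so a long non-cyclic chain cannot exhaust the stack. Numeric character
// references (&#...;) are not handled in this example and report Undefined.
class EntityExpander {
public:
    EntityExpander(const EntityTable& table, size_t maxOutput, size_t maxDepth = 32)
        : table_(table), maxOutput_(maxOutput), maxDepth_(maxDepth) {}

    XmlExpand expand(const std::string& in, std::string& out) {
        out.clear();
        std::set<std::string> inProgress;
        return expandInto(in, out, inProgress, 0);
    }

private:
    XmlExpand expandInto(const std::string& in, std::string& out, std::set<std::string>& inProgress, size_t depth) {
        if (depth > maxDepth_) return XmlExpand::TooDeep;
        size_t i = 0;
        while (i < in.size()) {
            if (in[i] != '&') {
                if (!append(out, std::string(1, in[i]))) return XmlExpand::TooLarge;
                ++i;
                continue;
            }
            size_t semi = in.find(';', i);
            if (semi == std::string::npos || semi == i + 1) return XmlExpand::Malformed;
            std::string name = in.substr(i + 1, semi - i - 1);
            i = semi + 1;
            std::string predefined;
            if (isPredefined(name, predefined)) {
                if (!append(out, predefined)) return XmlExpand::TooLarge;
                continue;
            }
            EntityTable::const_iterator it = table_.find(name);
            if (it == table_.end()) return XmlExpand::Undefined;
            if (!inProgress.insert(name).second) return XmlExpand::Recursive;   // already expanding it: a cycle
            XmlExpand r = expandInto(it->second, out, inProgress, depth + 1);
            inProgress.erase(name);
            if (r != XmlExpand::Ok) return r;
        }
        return XmlExpand::Ok;
    }
    // The budget is checked before each append, so memory never grows past maxOutput_.
    bool append(std::string& out, const std::string& piece) const {
        if (piece.size() > maxOutput_ - out.size()) return false;
        out += piece;
        return true;
    }
    static bool isPredefined(const std::string& n, std::string& rep) {
        if (n == "lt") rep = "<"; else if (n == "gt") rep = ">"; else if (n == "amp") rep = "&";
        else if (n == "quot") rep = "\""; else if (n == "apos") rep = "'"; else return false;
        return true;
    }
    EntityTable table_;
    size_t maxOutput_;
    size_t maxDepth_;
};

// Constructed "billion laughs" table: lol = "lol", lol1 = fanout x &lol;, lol2 = fanout x &lol1;, ...
EntityTable makeExpansionBomb(int levels, int fanout)
{
    EntityTable t;
    t["lol"] = "lol";
    std::string prev = "lol";
    for (int l = 1; l <= levels; ++l) {
        std::string name = "lol" + std::to_string(l);
        std::string body;
        for (int k = 0; k < fanout; ++k) body += "&" + prev + ";";
        t[name] = body;
        prev = name;
    }
    return t;
}

// Helpers: verdict only, or expanded length (-1 on rejection).
XmlExpand expandVerdict(const EntityTable& t, size_t maxOutput, const std::string& in) {
    std::string out;
    return EntityExpander(t, maxOutput).expand(in, out);
}
long expandedLength(const EntityTable& t, size_t maxOutput, const std::string& in) {
    std::string out;
    return EntityExpander(t, maxOutput).expand(in, out) == XmlExpand::Ok ? (long)out.size() : -1;
}
```

The output cap is what stops the exponential case; the in-progress set is what stops the recursive case, which no size cap alone would catch because a self-referencing entity never produces output.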
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43114 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51714 LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-39936 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2004-2215 CVE STATUS: Patched CVE SUMMARY: RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges. 
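The HPACK integer overflow check named in CVE-2023-51714 above, as an added example in plain C++ written for this page (not the code from network/access/http2/hpacktable.cpp): RFC 7541 section 5.1 integer decoding with the overflow test performed on the unshifted continuation chunk, plus a string-literal decoder that validates the declared length against the bytes actually present. Test vectors are the ones in RFC 7541 appendix C.1 plus constructed edge cases.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Decode an HPACK integer (RFC 7541, section 5.1) whose first byte carries an
// N-bit prefix. On success stores the value and the number of bytes consumed.
// Fails on a truncated buffer, on a value that does not fit in uint32_t, and on
// more continuation bytes than a 32-bit value can ever need.
bool hpackDecodeInteger(const std::vector<uint8_t>& buf, size_t pos, unsigned prefixBits,
                        uint32_t& value, size_t& consumed)
{
    if (prefixBits < 1 || prefixBits > 8 || pos >= buf.size()) return false;
    const uint32_t prefixMax = (1u << prefixBits) - 1;
    uint32_t result = buf[pos] & prefixMax;
    if (result < prefixMax) { value = result; consumed = 1; return true; }

    size_t i = pos + 1;
    unsigned shift = 0;
    for (;;) {
        if (i >= buf.size()) return false;                 // truncated
        if (shift > 28) return false;                      // a 6th continuation byte cannot fit in 32 bits
        const uint8_t b = buf[i++];
        const uint32_t chunk = b & 0x7f;
        // result + (chunk << shift) <= UINT32_MAX holds iff chunk <= (UINT32_MAX - result) >> shift.
        // Testing the unshifted chunk avoids the wrap-around that a check on the shifted
        // value, or on the final sum alone, would miss.
        if (chunk > ((UINT32_MAX - result) >> shift)) return false;
        result += chunk << shift;
        if ((b & 0x80) == 0) break;
        shift += 7;
    }
    value = result;
    consumed = i - pos;
    return true;
}

// Decode a non-Huffman string literal (RFC 7541, section 5.2) at pos. The declared
// length is checked against the bytes actually present before anything is copied.
bool hpackDecodeRawString(const std::vector<uint8_t>& buf, size_t pos, std::string& out, size_t& consumed)
{
    if (pos >= buf.size()) return false;
    if (buf[pos] & 0x80) return false;                     // Huffman-coded: not handled in this example
    uint32_t len = 0;
    size_t n = 0;
    if (!hpackDecodeInteger(buf, pos, 7, len, n)) return false;
    if (len > buf.size() - (pos + n)) return false;        // declared length exceeds the buffer
    out.assign(buf.begin() + pos + n, buf.begin() + pos + n + len);
    consumed = n + len;
    return true;
}

// Helpers for callers and tests: decoded value (-1 on rejection), decoded string ("" on rejection).
long long hpackIntegerOrMinus1(const std::vector<uint8_t>& buf, unsigned prefixBits) {
    uint32_t v = 0;
    size_t n = 0;
    return hpackDecodeInteger(buf, 0, prefixBits, v, n) ? (long long)v : -1;
}
std::string hpackRawStringOrEmpty(const std::vector<uint8_t>& buf) {
    std::string s;
    size_t n = 0;
    return hpackDecodeRawString(buf, 0, s, n) ? s : std::string();
}

int main()
{
    // Stand-alone check against the RFC 7541 C.1.2 vector: 1337 with a 5-bit prefix.
    const std::vector<uint8_t> sample = { 0x1f, 0x9a, 0x0a };
    std::printf("decoded %lld (expected 1337)\n", hpackIntegerOrMinus1(sample, 5));
    return 0;
}
```

Capping the continuation-byte count is a separate guard from the arithmetic check: without it a peer can stream an unbounded run of 0x80 bytes that never changes the value and never terminates the loop.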
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2215 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2005-0764 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0764 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2006-0126 CVE STATUS: Patched CVE SUMMARY: rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0126 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2008-1142 CVE STATUS: Patched CVE SUMMARY: rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. 
CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1142 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2014-3121 CVE STATUS: Patched CVE SUMMARY: rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3121 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2021-33477 CVE STATUS: Patched CVE SUMMARY: rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33477 LAYER: meta PACKAGE NAME: rxvt-unicode PACKAGE VERSION: 9.31 CVE: CVE-2022-4170 CVE STATUS: Patched CVE SUMMARY: The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4170 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2001-1147 CVE STATUS: Patched CVE SUMMARY: The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1147 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2001-1175 CVE STATUS: Patched CVE SUMMARY: vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1175 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2001-1494 CVE STATUS: Patched CVE SUMMARY: script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1494 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2003-0094 CVE STATUS: Patched CVE SUMMARY: A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0094 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2004-0080 CVE STATUS: Patched CVE SUMMARY: The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0080 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2005-2876 CVE STATUS: Patched CVE SUMMARY: umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. 
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2876 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2006-7108 CVE STATUS: Patched CVE SUMMARY: login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. CVSS v2 BASE SCORE: 4.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7108 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2007-5191 CVE STATUS: Patched CVE SUMMARY: mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5191 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2008-1926 CVE STATUS: Patched CVE SUMMARY: Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1926 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2011-1675 CVE STATUS: Patched CVE SUMMARY: mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1675 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2011-1676 CVE STATUS: Patched CVE SUMMARY: mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1676 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2011-1677 CVE STATUS: Patched CVE SUMMARY: mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1677 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2013-0157 CVE STATUS: Patched CVE SUMMARY: (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0157 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2014-9114 CVE STATUS: Patched CVE SUMMARY: Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9114 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2015-5218 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5218 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2015-5224 CVE STATUS: Patched CVE SUMMARY: The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5224 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2016-2779 CVE STATUS: Patched CVE SUMMARY: runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2779 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2016-5011 CVE STATUS: Patched CVE SUMMARY: The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 4.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5011 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2017-2616 CVE STATUS: Patched CVE SUMMARY: A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. 
CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2616 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2018-7738 CVE STATUS: Patched CVE SUMMARY: In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7738 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2020-21583 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in hwclock.13-v2.27 that allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21583 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2021-37600 CVE STATUS: Patched CVE SUMMARY: An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37600 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2021-3995 CVE STATUS: Patched CVE SUMMARY: A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3995 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2021-3996 CVE STATUS: Patched CVE SUMMARY: A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3996 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2022-0563 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. 
When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0563 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.39.3 CVE: CVE-2024-28085 CVE STATUS: Patched CVE SUMMARY: wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-28085 LAYER: meta PACKAGE NAME: m4 PACKAGE VERSION: 1.4.19 CVE: CVE-2008-1687 CVE STATUS: Patched CVE SUMMARY: The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1687 LAYER: meta PACKAGE NAME: m4 PACKAGE VERSION: 1.4.19 CVE: CVE-2008-1688 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1688 LAYER: meta PACKAGE NAME: libxfixes PACKAGE VERSION: 1_6.0.1 CVE: CVE-2013-1983 CVE STATUS: Patched CVE SUMMARY: Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1983 LAYER: meta PACKAGE NAME: libxfixes PACKAGE VERSION: 1_6.0.1 CVE: CVE-2016-7944 CVE STATUS: Patched CVE SUMMARY: Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7944 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2001-1267 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1267 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2002-0399 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." 
string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0399 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2002-1216 CVE STATUS: Patched CVE SUMMARY: GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1216 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2005-1918 CVE STATUS: Patched CVE SUMMARY: The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1918 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2005-2541 CVE STATUS: Patched CVE SUMMARY: Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2541 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2006-0300 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0300 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2006-6097 CVE STATUS: Patched CVE SUMMARY: GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6097 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2007-4131 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4131 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2007-4476 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4476 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2010-0624 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0624 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2016-6321 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6321 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2018-20482 CVE STATUS: Patched CVE SUMMARY: GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20482 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2019-9923 CVE STATUS: Patched CVE SUMMARY: pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9923 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2021-20193 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20193 LAYER: meta PACKAGE NAME: tar PACKAGE VERSION: 1.35 CVE: CVE-2022-48303 CVE STATUS: Patched CVE SUMMARY: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. 
Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48303 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2007-3152 CVE STATUS: Patched CVE SUMMARY: c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3152 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2007-3153 CVE STATUS: Patched CVE SUMMARY: The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3153 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2016-5180 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5180 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2017-1000381 CVE STATUS: Patched CVE SUMMARY: The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000381 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2020-14354 CVE STATUS: Patched CVE SUMMARY: A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14354 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2020-22217 CVE STATUS: Patched CVE SUMMARY: Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22217
LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2020-8277 CVE STATUS: Patched CVE SUMMARY: A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8277
LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2021-3672 CVE STATUS: Patched CVE SUMMARY: A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3672
LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2022-4904 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4904
LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2023-31124 CVE STATUS: Patched CVE SUMMARY: c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-31124
LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2023-31130 CVE STATUS: Patched CVE SUMMARY: c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.4 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-31130
LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2023-31147 CVE STATUS: Patched CVE SUMMARY: c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compliant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-31147
LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2023-32067 CVE STATUS: Patched CVE SUMMARY: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32067
LAYER: meta PACKAGE NAME: x11perf PACKAGE VERSION: 1_1.6.1 CVE: CVE-2011-2504 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2504
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2002-1170 CVE STATUS: Patched CVE SUMMARY: The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1170
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2003-0935 CVE STATUS: Patched CVE SUMMARY: Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0935
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2005-1740 CVE STATUS: Patched CVE SUMMARY: fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1740
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2005-2177 CVE STATUS: Patched CVE SUMMARY: Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2177
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2005-2811 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2811
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2005-4837 CVE STATUS: Patched CVE SUMMARY: snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4837
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2006-6305 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only access. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6305
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2007-5846 CVE STATUS: Patched CVE SUMMARY: The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5846
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2008-2292 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2292
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2008-4309 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4309
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2008-6123 CVE STATUS: Patched CVE SUMMARY: The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6123
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2009-1887 CVE STATUS: Patched CVE SUMMARY: agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1887
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2012-2141 CVE STATUS: Patched CVE SUMMARY: Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2141
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2012-6151 CVE STATUS: Patched CVE SUMMARY: Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6151
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2014-2284 CVE STATUS: Patched CVE SUMMARY: The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2284
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2014-2285 CVE STATUS: Patched CVE SUMMARY: The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2285
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2014-2310 CVE STATUS: Patched CVE SUMMARY: The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2310
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2014-3565 CVE STATUS: Patched CVE SUMMARY: snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3565
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2015-5621 CVE STATUS: Patched CVE SUMMARY: The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5621
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2015-8100 CVE STATUS: Patched CVE SUMMARY: The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8100
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2018-1000116 CVE STATUS: Patched CVE SUMMARY: NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000116
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2018-18065 CVE STATUS: Patched CVE SUMMARY: _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18065
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2018-18066 CVE STATUS: Patched CVE SUMMARY: snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18066
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2019-20892 CVE STATUS: Patched CVE SUMMARY: net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20892
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2020-15861 CVE STATUS: Patched CVE SUMMARY: Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15861
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2020-15862 CVE STATUS: Patched CVE SUMMARY: Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15862
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2022-44792 CVE STATUS: Patched CVE SUMMARY: handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44792
LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.4 CVE: CVE-2022-44793 CVE STATUS: Patched CVE SUMMARY: handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44793
LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.1 CVE: CVE-2016-9015 CVE STATUS: Patched CVE SUMMARY: Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9015
LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.1 CVE: CVE-2018-20060 CVE STATUS: Patched CVE SUMMARY: urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20060
LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.1 CVE: CVE-2018-25091 CVE STATUS: Patched CVE SUMMARY: urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25091
LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.1 CVE: CVE-2019-11236 CVE STATUS: Patched CVE SUMMARY: In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11236
LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.1 CVE: CVE-2019-11324 CVE STATUS: Patched CVE SUMMARY: The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11324
LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.1 CVE: CVE-2020-26137 CVE STATUS: Patched CVE SUMMARY: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26137
LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.1 CVE: CVE-2020-7212 CVE STATUS: Patched CVE SUMMARY: The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2). CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7212
LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.1 CVE: CVE-2021-28363 CVE STATUS: Patched CVE SUMMARY: The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28363
LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.1 CVE: CVE-2021-33503 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33503
LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.1 CVE: CVE-2023-43804 CVE STATUS: Patched CVE SUMMARY: urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43804
LAYER: meta PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 2.2.1 CVE: CVE-2023-45803 CVE STATUS: Patched CVE SUMMARY: urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.2 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45803
LAYER: meta PACKAGE NAME: serf PACKAGE VERSION: 1.3.10 CVE: CVE-2014-3504 CVE STATUS: Patched CVE SUMMARY: The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3504
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2011-2485 CVE STATUS: Patched CVE SUMMARY: The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2485
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2011-2897 CVE STATUS: Patched CVE SUMMARY: gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2897
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2012-2370 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2370
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2015-4491 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4491
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2015-7673 CVE STATUS: Patched CVE SUMMARY: io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7673
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2015-7674 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7674
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2015-8875 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8875
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2016-6352 CVE STATUS: Patched CVE SUMMARY: The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6352
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-1000422 CVE STATUS: Patched CVE SUMMARY: Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000422
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-12447 CVE STATUS: Patched CVE SUMMARY: GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12447
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-2862 CVE STATUS: Patched CVE SUMMARY: An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2862
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-2870 CVE STATUS: Patched CVE SUMMARY: An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2870
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-6311 CVE STATUS: Patched CVE SUMMARY: gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6311
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-6312 CVE STATUS: Patched CVE SUMMARY: Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6312
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-6313 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6313
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-6314 CVE STATUS: Patched CVE SUMMARY: The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6314
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2020-29385 CVE STATUS: Patched CVE SUMMARY: GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. If c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29385
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2021-20240 CVE STATUS: Patched CVE SUMMARY: A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20240
LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2021-46829 CVE STATUS: Patched CVE SUMMARY: GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46829
LAYER: meta-oe PACKAGE NAME: protobuf-c PACKAGE VERSION: 1.5.0 CVE: CVE-2022-33070 CVE STATUS: Patched CVE SUMMARY: Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-33070 LAYER: meta-oe PACKAGE NAME: protobuf-c PACKAGE VERSION: 1.5.0 CVE: CVE-2022-48468 CVE STATUS: Patched CVE SUMMARY: protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48468 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2011-1098 CVE STATUS: Patched CVE SUMMARY: Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1098 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2011-1154 CVE STATUS: Patched CVE SUMMARY: The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. 
CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1154 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2011-1155 CVE STATUS: Patched CVE SUMMARY: The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1155 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2011-1548 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used CVE SUMMARY: The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/. 
CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1548 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2011-1549 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used CVE SUMMARY: The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1549 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2011-1550 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used CVE SUMMARY: The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages. CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1550 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.21.0 CVE: CVE-2022-1348 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in logrotate in how the state file is created. 
The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1348 LAYER: meta PACKAGE NAME: expect PACKAGE VERSION: 5.45.4 CVE: CVE-2001-1374 CVE STATUS: Patched CVE SUMMARY: expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1374 LAYER: meta PACKAGE NAME: expect PACKAGE VERSION: 5.45.4 CVE: CVE-2001-1467 CVE STATUS: Patched CVE SUMMARY: mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1467 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2002-0660 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0660 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2002-0728 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0728 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2002-1363 CVE STATUS: Patched CVE SUMMARY: Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1363 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2004-0421 CVE STATUS: Patched CVE SUMMARY: The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0421 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2004-0597 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0597 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2004-0598 CVE STATUS: Patched CVE SUMMARY: The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0598 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2004-0599 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0599 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2006-0481 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0481 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2006-3334 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3334 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2006-5793 CVE STATUS: Patched CVE SUMMARY: The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read. 
CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5793 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2006-7244 CVE STATUS: Patched CVE SUMMARY: Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7244 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2007-2445 CVE STATUS: Patched CVE SUMMARY: The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2445 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2007-5266 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5266 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2007-5267 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5267 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2007-5268 CVE STATUS: Patched CVE SUMMARY: pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5268 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2007-5269 CVE STATUS: Patched CVE SUMMARY: Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5269 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2008-1382 CVE STATUS: Patched CVE SUMMARY: libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1382 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2008-3964 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3964 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2008-5907 CVE STATUS: Patched CVE SUMMARY: The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5907 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2008-6218 CVE STATUS: Patched CVE SUMMARY: Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6218 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2009-0040 CVE STATUS: Patched CVE SUMMARY: The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0040 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2009-2042 CVE STATUS: Patched CVE SUMMARY: libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2042 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2009-5063 CVE STATUS: Patched CVE SUMMARY: Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5063 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2010-0205 CVE STATUS: Patched CVE SUMMARY: The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0205 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2010-1205 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1205 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2010-2249 CVE STATUS: Patched CVE SUMMARY: Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2249 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-0408 CVE STATUS: Patched CVE SUMMARY: pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0408 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-2501 CVE STATUS: Patched CVE SUMMARY: The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2501 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-2690 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2690 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-2691 CVE STATUS: Patched CVE SUMMARY: The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2691 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-2692 CVE STATUS: Patched CVE SUMMARY: The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2692 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-3045 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3045 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-3048 CVE STATUS: Patched CVE SUMMARY: The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3048 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-3328 CVE STATUS: Patched CVE SUMMARY: The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value. 
CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3328 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2011-3464 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3464 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2012-3425 CVE STATUS: Patched CVE SUMMARY: The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3425 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2013-6954 CVE STATUS: Patched CVE SUMMARY: The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6954 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2013-7353 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7353 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2013-7354 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7354 LAYER: meta PACKAGE NAME: libpng PACKAGE VERSION: 1.6.42 CVE: CVE-2014-0333 CVE STATUS: Patched CVE SUMMARY: The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero. 
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0333

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2014-9495
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9495

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2015-0973
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0973

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2015-7981
CVE STATUS: Patched
CVE SUMMARY: The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7981

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2015-8126
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8126

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2015-8472
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 7.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8472

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2015-8540
CVE STATUS: Patched
CVE SUMMARY: Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8540

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2016-10087
CVE STATUS: Patched
CVE SUMMARY: The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10087

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2016-3751
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3751

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2017-12652
CVE STATUS: Patched
CVE SUMMARY: libpng before 1.6.32 does not properly check the length of chunks against the user limit.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12652

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2018-13785
CVE STATUS: Patched
CVE SUMMARY: In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13785

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2018-14048
CVE STATUS: Patched
CVE SUMMARY: An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14048

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2018-14550
CVE STATUS: Patched
CVE SUMMARY: An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14550

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2019-6129
CVE STATUS: Patched
CVE SUMMARY: png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6129

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2019-7317
CVE STATUS: Patched
CVE SUMMARY: png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVSS v2 BASE SCORE: 2.6
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7317

LAYER: meta
PACKAGE NAME: libpng
PACKAGE VERSION: 1.6.42
CVE: CVE-2021-4214
CVE STATUS: Patched
CVE SUMMARY: A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4214

LAYER: meta
PACKAGE NAME: groff
PACKAGE VERSION: 1.23.0
CVE: CVE-2000-0803
CVE STATUS: Patched
CVE SUMMARY: GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0803

LAYER: meta
PACKAGE NAME: groff
PACKAGE VERSION: 1.23.0
CVE: CVE-2001-1022
CVE STATUS: Patched
CVE SUMMARY: Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1022

LAYER: meta
PACKAGE NAME: groff
PACKAGE VERSION: 1.23.0
CVE: CVE-2002-0003
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0003

LAYER: meta
PACKAGE NAME: groff
PACKAGE VERSION: 1.23.0
CVE: CVE-2004-0969
CVE STATUS: Patched
CVE SUMMARY: The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0969

LAYER: meta
PACKAGE NAME: groff
PACKAGE VERSION: 1.23.0
CVE: CVE-2009-5044
CVE STATUS: Patched
CVE SUMMARY: contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5044

LAYER: meta
PACKAGE NAME: groff
PACKAGE VERSION: 1.23.0
CVE: CVE-2009-5078
CVE STATUS: Patched
CVE SUMMARY: contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5078

LAYER: meta
PACKAGE NAME: groff
PACKAGE VERSION: 1.23.0
CVE: CVE-2009-5079
CVE STATUS: Patched
CVE SUMMARY: The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5079

LAYER: meta
PACKAGE NAME: groff
PACKAGE VERSION: 1.23.0
CVE: CVE-2009-5080
CVE STATUS: Patched
CVE SUMMARY: The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5080

LAYER: meta
PACKAGE NAME: groff
PACKAGE VERSION: 1.23.0
CVE: CVE-2009-5081
CVE STATUS: Patched
CVE SUMMARY: The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5081

LAYER: meta
PACKAGE NAME: groff
PACKAGE VERSION: 1.23.0
CVE: CVE-2009-5082
CVE STATUS: Patched
CVE SUMMARY: The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5082

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2016-1516
CVE STATUS: Patched
CVE SUMMARY: OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1516

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2016-1517
CVE STATUS: Patched
CVE SUMMARY: OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1517

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-1000450
CVE STATUS: Patched
CVE SUMMARY: In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, this may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000450

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12597
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12597

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12598
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12598

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12599
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12599

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12600
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12600

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12601
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12601

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12602
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12602

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12603
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12603

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12604
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12604

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12605
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12605

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12606
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12606

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12862
CVE STATUS: Patched
CVE SUMMARY: In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is smaller than expected, which will cause a copy buffer overflow later. If the image is from remote, this may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12862

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12863
CVE STATUS: Patched
CVE SUMMARY: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculating src_pitch. If the image is from remote, this may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12863

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12864
CVE STATUS: Patched
CVE SUMMARY: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber does not check the input length, which leads to integer overflow. If the image is from remote, this may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12864

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-14136
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14136

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-17760
CVE STATUS: Patched
CVE SUMMARY: OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17760

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-18009
CVE STATUS: Patched
CVE SUMMARY: In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18009

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2018-5268
CVE STATUS: Patched
CVE SUMMARY: In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5268

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2018-5269
CVE STATUS: Patched
CVE SUMMARY: In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5269

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2018-7712
CVE STATUS: Patched
CVE SUMMARY: The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can be raised in case of invalid or non-supported parameters.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7712

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2018-7713
CVE STATUS: Patched
CVE SUMMARY: The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can be raised in case of invalid or non-supported parameters.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7713

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2018-7714
CVE STATUS: Patched
CVE SUMMARY: The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can be raised in case of invalid or non-supported parameters.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7714

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-14491
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 8.2
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14491

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-14492
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14492

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-14493
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14493

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-15939
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15939

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-16249
CVE STATUS: Patched
CVE SUMMARY: OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16249

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-19624
CVE STATUS: Patched
CVE SUMMARY: An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19624

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-5063
CVE STATUS: Patched
CVE SUMMARY: An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5063

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-5064
CVE STATUS: Patched
CVE SUMMARY: An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5064

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2023-2617
CVE STATUS: Patched
CVE SUMMARY: A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2617

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2023-2618
CVE STATUS: Patched
CVE SUMMARY: A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2618

LAYER: meta
PACKAGE NAME: socat
PACKAGE VERSION: 1.8.0.0
CVE: CVE-2004-1484
CVE STATUS: Patched
CVE SUMMARY: Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1484

LAYER: meta
PACKAGE NAME: socat
PACKAGE VERSION: 1.8.0.0
CVE: CVE-2010-2799
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2799 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2012-0219 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0219 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2013-3571 CVE STATUS: Patched CVE SUMMARY: socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3571 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2014-0019 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line. 
CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0019 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2015-1379 CVE STATUS: Patched CVE SUMMARY: The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1379 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2016-2217 CVE STATUS: Patched CVE SUMMARY: The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2217 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2000-0963 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0963 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2002-0062 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." 
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0062 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-10684 CVE STATUS: Patched CVE SUMMARY: In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10684 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-10685 CVE STATUS: Patched CVE SUMMARY: In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10685 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-11112 CVE STATUS: Patched CVE SUMMARY: In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11112 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-11113 CVE STATUS: Patched CVE SUMMARY: In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11113 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13728 CVE STATUS: Patched CVE SUMMARY: There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13728 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13729 CVE STATUS: Patched CVE SUMMARY: There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13729 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13730 CVE STATUS: Patched CVE SUMMARY: There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13730 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13731 CVE STATUS: Patched CVE SUMMARY: There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13731 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13732 CVE STATUS: Patched CVE SUMMARY: There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13732 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13733 CVE STATUS: Patched CVE SUMMARY: There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13733 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-13734 CVE STATUS: Patched CVE SUMMARY: There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13734 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2017-16879 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16879 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2018-19211 CVE STATUS: Patched CVE SUMMARY: In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19211 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2018-19217 CVE STATUS: Patched CVE SUMMARY: In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19217 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2019-15547 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15547 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2019-15548 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the ncurses crate through 5.99.0 for Rust. 
There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15548 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2019-17594 CVE STATUS: Patched CVE SUMMARY: There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17594 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2019-17595 CVE STATUS: Patched CVE SUMMARY: There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 5.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17595 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2020-19185 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19185 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2020-19186 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19186 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2020-19187 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19187 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2020-19188 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19188 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2020-19189 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19189 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2020-19190 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19190 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2021-39537 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39537 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2022-29458 CVE STATUS: Patched CVE SUMMARY: ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29458 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2023-29491 CVE STATUS: Patched CVE SUMMARY: ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29491 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2023-45918 CVE STATUS: Patched CVE SUMMARY: ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. NOTE: Multiple third parties have disputed this indicating upstream does not regard it as a security issue. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45918 LAYER: meta PACKAGE NAME: ncurses PACKAGE VERSION: 6.4 CVE: CVE-2023-50495 CVE STATUS: Patched CVE SUMMARY: NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-50495 LAYER: meta PACKAGE NAME: wayland PACKAGE VERSION: 1.22.0 CVE: CVE-2021-3782 CVE STATUS: Patched CVE SUMMARY: An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3782 LAYER: meta PACKAGE NAME: libxinerama PACKAGE VERSION: 1_1.1.5 CVE: CVE-2013-1985 CVE STATUS: Patched CVE SUMMARY: Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1985 LAYER: meta PACKAGE NAME: lttng-ust PACKAGE VERSION: 2_2.13.8 CVE: CVE-2010-3386 CVE STATUS: Patched CVE SUMMARY: usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3386 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2015-9099 CVE STATUS: Patched CVE SUMMARY: The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9099 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2015-9100 CVE STATUS: Patched CVE SUMMARY: The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9100 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2015-9101 CVE STATUS: Patched CVE SUMMARY: The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9101 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-11720 CVE STATUS: Patched CVE SUMMARY: There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11720 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-13712 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13712 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-15018 CVE STATUS: Patched CVE SUMMARY: LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15018 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-15019 CVE STATUS: Patched CVE SUMMARY: LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15019 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-15045 CVE STATUS: Patched CVE SUMMARY: LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15045 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-15046 CVE STATUS: Patched CVE SUMMARY: LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15046 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-8419 CVE STATUS: Patched CVE SUMMARY: LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8419 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-9412 CVE STATUS: Patched CVE SUMMARY: The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9412 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-9869 CVE STATUS: Patched CVE SUMMARY: The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9869 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-9870 CVE STATUS: Patched CVE SUMMARY: The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case, a similar issue to CVE-2017-11126. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9870 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-9871 CVE STATUS: Patched CVE SUMMARY: The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9871 LAYER: meta PACKAGE NAME: lame PACKAGE VERSION: 3.100 CVE: CVE-2017-9872 CVE STATUS: Patched CVE SUMMARY: The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9872 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2013-6424 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6424 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2013-6425 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6425 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2014-9766 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9766 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2015-5297 CVE STATUS: Patched CVE SUMMARY: An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. 
An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5297 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2022-44638 CVE STATUS: Patched CVE SUMMARY: In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44638 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2023-37769 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: stress-test is an uninstalled test CVE SUMMARY: stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37769 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2007-3106 CVE STATUS: Patched CVE SUMMARY: lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3106 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2007-4029 CVE STATUS: Patched CVE SUMMARY: libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4029 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2007-4065 CVE STATUS: Patched CVE SUMMARY: lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4065 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2007-4066 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4066 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2008-1419 CVE STATUS: Patched CVE SUMMARY: Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1419 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2008-1420 CVE STATUS: Patched CVE SUMMARY: Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1420 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2008-1423 CVE STATUS: Patched CVE SUMMARY: Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1423 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2008-2009 CVE STATUS: Patched CVE SUMMARY: Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2009 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2017-11333 CVE STATUS: Patched CVE SUMMARY: The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11333 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2017-14160 CVE STATUS: Patched CVE SUMMARY: The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14160 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2017-14632 CVE STATUS: Patched CVE SUMMARY: Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14632 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2017-14633 CVE STATUS: Patched CVE SUMMARY: In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14633 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2018-10392 CVE STATUS: Patched CVE SUMMARY: mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10392 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2018-10393 CVE STATUS: Patched CVE SUMMARY: bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10393 LAYER: meta PACKAGE NAME: libvorbis PACKAGE VERSION: 1.3.7 CVE: CVE-2020-20412 CVE STATUS: Patched CVE SUMMARY: lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20412 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2008-6589 CVE STATUS: Patched CVE SUMMARY: Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6589 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2008-6590 CVE STATUS: Patched CVE SUMMARY: Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6590 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2008-6592 CVE STATUS: Patched CVE SUMMARY: thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6592 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2008-6593 CVE STATUS: Patched CVE SUMMARY: SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6593 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2013-7443 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7443 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2015-3414 CVE STATUS: Patched CVE SUMMARY: SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3414 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2015-3415 CVE STATUS: Patched CVE SUMMARY: The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3415 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2015-3416 CVE STATUS: Patched CVE SUMMARY: The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3416 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2015-3717 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3717 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2015-5895 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5895 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2015-6607 CVE STATUS: Patched CVE SUMMARY: SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6607 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2016-6153 CVE STATUS: Patched CVE SUMMARY: os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.9 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6153 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2017-10989 CVE STATUS: Patched CVE SUMMARY: The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10989 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2017-13685 CVE STATUS: Patched CVE SUMMARY: The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13685 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2017-15286 CVE STATUS: Patched CVE SUMMARY: SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15286 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2018-20346 CVE STATUS: Patched CVE SUMMARY: SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20346 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2018-20505 CVE STATUS: Patched CVE SUMMARY: SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20505 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2018-20506 CVE STATUS: Patched CVE SUMMARY: SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20506 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2018-8740 CVE STATUS: Patched CVE SUMMARY: In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8740 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-16168 CVE STATUS: Patched CVE SUMMARY: In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16168 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-19242 CVE STATUS: Patched CVE SUMMARY: SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19242 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-19244 CVE STATUS: Patched CVE SUMMARY: sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19244 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-19317 CVE STATUS: Patched CVE SUMMARY: lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19317 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-19603 CVE STATUS: Patched CVE SUMMARY: SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19603 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-19645 CVE STATUS: Patched CVE SUMMARY: alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19645 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-19646 CVE STATUS: Patched CVE SUMMARY: pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19646 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-19880 CVE STATUS: Patched CVE SUMMARY: exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19880 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-19923 CVE STATUS: Patched CVE SUMMARY: flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19923 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-19924 CVE STATUS: Patched CVE SUMMARY: SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19924 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-19925 CVE STATUS: Patched CVE SUMMARY: zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19925 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-19926 CVE STATUS: Patched CVE SUMMARY: multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19926 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-19959 CVE STATUS: Patched CVE SUMMARY: ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19959 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-20218 CVE STATUS: Patched CVE SUMMARY: selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20218 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-5018 CVE STATUS: Patched CVE SUMMARY: An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5018 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-8457 CVE STATUS: Patched CVE SUMMARY: SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8457 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-9936 CVE STATUS: Patched CVE SUMMARY: In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9936 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2019-9937 CVE STATUS: Patched CVE SUMMARY: In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9937 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2020-11655 CVE STATUS: Patched CVE SUMMARY: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11655 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2020-11656 CVE STATUS: Patched CVE SUMMARY: In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11656 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2020-13434 CVE STATUS: Patched CVE SUMMARY: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13434 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2020-13435 CVE STATUS: Patched CVE SUMMARY: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13435 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2020-13630 CVE STATUS: Patched CVE SUMMARY: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13630 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2020-13631 CVE STATUS: Patched CVE SUMMARY: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13631 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2020-13632 CVE STATUS: Patched CVE SUMMARY: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13632 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2020-13871 CVE STATUS: Patched CVE SUMMARY: SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13871 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2020-15358 CVE STATUS: Patched CVE SUMMARY: In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15358 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2020-35525 CVE STATUS: Patched CVE SUMMARY: In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSECT query processing. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35525 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2020-35527 CVE STATUS: Patched CVE SUMMARY: In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35527 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2020-9327 CVE STATUS: Patched CVE SUMMARY: In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9327 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2021-20227 CVE STATUS: Patched CVE SUMMARY: A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20227 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2021-31239 CVE STATUS: Patched CVE SUMMARY: An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-31239 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2021-36690 CVE STATUS: Patched CVE SUMMARY: A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. 
NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-36690
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2021-45346 CVE STATUS: Patched CVE SUMMARY: A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45346
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2022-35737 CVE STATUS: Patched CVE SUMMARY: SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-35737
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2022-46908 CVE STATUS: Patched CVE SUMMARY: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46908
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2023-7104 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. CVSS v2 BASE SCORE: 5.2 CVSS v3 BASE SCORE: 7.3 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-7104
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.1 CVE: CVE-2024-0232 CVE STATUS: Patched CVE SUMMARY: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0232
LAYER: meta PACKAGE NAME: grep PACKAGE VERSION: 3.11 CVE: CVE-2012-5667 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5667
LAYER: meta PACKAGE NAME: grep PACKAGE VERSION: 3.11 CVE: CVE-2015-1345 CVE STATUS: Patched CVE SUMMARY: The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1345
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-1999-1010 CVE STATUS: Patched CVE SUMMARY: An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1010
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2000-0143 CVE STATUS: Patched CVE SUMMARY: The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0143
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2000-0217 CVE STATUS: Patched CVE SUMMARY: The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0217
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2000-0525 CVE STATUS: Patched CVE SUMMARY: OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0525
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2000-0992 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0992
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2000-0999 CVE STATUS: Patched CVE SUMMARY: Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0999
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2000-1169 CVE STATUS: Patched CVE SUMMARY: OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1169
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2001-0144 CVE STATUS: Patched CVE SUMMARY: CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0144
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2001-0361 CVE STATUS: Patched CVE SUMMARY: Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0361
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2001-0529 CVE STATUS: Patched CVE SUMMARY: OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0529
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2001-0572 CVE STATUS: Patched CVE SUMMARY: The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0572
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2001-0816 CVE STATUS: Patched CVE SUMMARY: OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0816
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2001-0872 CVE STATUS: Patched CVE SUMMARY: OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0872
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2001-1029 CVE STATUS: Patched CVE SUMMARY: libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1029
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2001-1380 CVE STATUS: Patched CVE SUMMARY: OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1380
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2001-1382 CVE STATUS: Patched CVE SUMMARY: The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1382
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2001-1459 CVE STATUS: Patched CVE SUMMARY: OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1459
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2001-1507 CVE STATUS: Patched CVE SUMMARY: OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1507
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2001-1585 CVE STATUS: Patched CVE SUMMARY: SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1585
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2002-0083 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0083
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2002-0575 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0575
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2002-0639 CVE STATUS: Patched CVE SUMMARY: Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0639
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2002-0640 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt). CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0640
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2002-0765 CVE STATUS: Patched CVE SUMMARY: sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0765
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2003-0190 CVE STATUS: Patched CVE SUMMARY: OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0190
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2003-0386 CVE STATUS: Patched CVE SUMMARY: OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0386
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2003-0682 CVE STATUS: Patched CVE SUMMARY: "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0682
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2003-0693 CVE STATUS: Patched CVE SUMMARY: A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0693
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2003-0695 CVE STATUS: Patched CVE SUMMARY: Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0695
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2003-0786 CVE STATUS: Patched CVE SUMMARY: The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0786
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2003-0787 CVE STATUS: Patched CVE SUMMARY: The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0787
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2003-1562 CVE STATUS: Patched CVE SUMMARY: sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-1562
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2004-0175 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0175
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2004-1653 CVE STATUS: Patched CVE SUMMARY: The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1653
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2004-2069 CVE STATUS: Patched CVE SUMMARY: sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2069
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2004-2760 CVE STATUS: Patched CVE SUMMARY: sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2760
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2005-2666 CVE STATUS: Patched CVE SUMMARY: SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2666
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2005-2797 CVE STATUS: Patched CVE SUMMARY: OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2797
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2005-2798 CVE STATUS: Patched CVE SUMMARY: sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2798
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2006-0225 CVE STATUS: Patched CVE SUMMARY: scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0225
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2006-0883 CVE STATUS: Patched CVE SUMMARY: OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0883
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2006-4924 CVE STATUS: Patched CVE SUMMARY: sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4924
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2006-4925 CVE STATUS: Patched CVE SUMMARY: packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4925
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2006-5051 CVE STATUS: Patched CVE SUMMARY: Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5051
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2006-5052 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5052
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2006-5229 CVE STATUS: Patched CVE SUMMARY: OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5229
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2006-5794 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5794
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2007-2243 CVE STATUS: Patched CVE SUMMARY: OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2243
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2007-2768 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: This CVE is specific to OpenSSH with the pam opie which we don't build/use here. CVE SUMMARY: OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2768
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2007-3102 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3102
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2007-4654 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4654
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2007-4752 CVE STATUS: Patched CVE SUMMARY: ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4752
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2008-1483 CVE STATUS: Patched CVE SUMMARY: OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1483
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2008-1657 CVE STATUS: Patched CVE SUMMARY: OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1657
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2008-3234 CVE STATUS: Patched CVE SUMMARY: sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3234
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2008-3259 CVE STATUS: Patched CVE SUMMARY: OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3259
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2008-3844 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Only applies to some distributed RHEL binaries. CVE SUMMARY: Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3844
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2008-4109 CVE STATUS: Patched CVE SUMMARY: A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4109
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2008-5161 CVE STATUS: Patched CVE SUMMARY: Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5161
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2009-2904 CVE STATUS: Patched CVE SUMMARY: A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2904
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2010-4478 CVE STATUS: Patched CVE SUMMARY: OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4478
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2010-4755 CVE STATUS: Patched CVE SUMMARY: The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4755
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2010-5107 CVE STATUS: Patched CVE SUMMARY: The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5107
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2011-0539 CVE STATUS: Patched CVE SUMMARY: The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0539
LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2011-4327 CVE STATUS: Patched CVE SUMMARY: ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4327 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2011-5000 CVE STATUS: Patched CVE SUMMARY: The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-5000 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2012-0814 CVE STATUS: Patched CVE SUMMARY: The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. 
CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0814 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2013-4548 CVE STATUS: Patched CVE SUMMARY: The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4548 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2014-1692 CVE STATUS: Patched CVE SUMMARY: The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1692 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2014-2532 CVE STATUS: Patched CVE SUMMARY: sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2532 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2014-2653 CVE STATUS: Patched CVE SUMMARY: The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2653 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2014-9278 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment CVE SUMMARY: The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9278 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2015-5352 CVE STATUS: Patched CVE SUMMARY: The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5352 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2015-5600 CVE STATUS: Patched CVE SUMMARY: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5600 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2015-6563 CVE STATUS: Patched CVE SUMMARY: The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6563 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2015-6564 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. 
CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6564 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2015-6565 CVE STATUS: Patched CVE SUMMARY: sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6565 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2015-8325 CVE STATUS: Patched CVE SUMMARY: The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8325 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-0777 CVE STATUS: Patched CVE SUMMARY: The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0777 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-0778 CVE STATUS: Patched CVE SUMMARY: The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0778 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-10009 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10009 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-10010 CVE STATUS: Patched CVE SUMMARY: sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. 
CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10010 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-10011 CVE STATUS: Patched CVE SUMMARY: authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10011 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-10012 CVE STATUS: Patched CVE SUMMARY: The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10012 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-10708 CVE STATUS: Patched CVE SUMMARY: sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10708 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-1907 CVE STATUS: Patched CVE SUMMARY: The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1907 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-1908 CVE STATUS: Patched CVE SUMMARY: The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1908 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-20012 CVE STATUS: Patched CVE SUMMARY: OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 
NOTE: the vendor does not recognize user enumeration as a vulnerability for this product CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-20012 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-3115 CVE STATUS: Patched CVE SUMMARY: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 6.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3115 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-6210 CVE STATUS: Patched CVE SUMMARY: sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6210 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-6515 CVE STATUS: Patched CVE SUMMARY: The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6515 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2016-8858 CVE STATUS: Patched CVE SUMMARY: The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue." CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8858 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2017-15906 CVE STATUS: Patched CVE SUMMARY: The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15906 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2018-15473 CVE STATUS: Patched CVE SUMMARY: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15473 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2018-15919 CVE STATUS: Patched CVE SUMMARY: Remotely observable behaviour in auth2-gss.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15919 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2018-20685 CVE STATUS: Patched CVE SUMMARY: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20685 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2019-16905 CVE STATUS: Patched CVE SUMMARY: OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. 
CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16905 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2019-6109 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6109 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2019-6110 CVE STATUS: Patched CVE SUMMARY: In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6110 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2019-6111 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. 
If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6111 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2020-12062 CVE STATUS: Patched CVE SUMMARY: The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12062 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2020-14145 CVE STATUS: Patched CVE SUMMARY: The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14145 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2020-15778 CVE STATUS: Patched CVE SUMMARY: scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15778 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2021-28041 CVE STATUS: Patched CVE SUMMARY: ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28041 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2021-36368 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed."
CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-36368 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2021-41617 CVE STATUS: Patched CVE SUMMARY: sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41617 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2023-25136 CVE STATUS: Patched CVE SUMMARY: OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25136 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2023-28531 CVE STATUS: Patched CVE SUMMARY: ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28531 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2023-38408 CVE STATUS: Patched CVE SUMMARY: The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38408 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2023-48795 CVE STATUS: Patched CVE SUMMARY: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. 
This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48795 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2023-51384 CVE STATUS: Patched CVE SUMMARY: In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. 
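The Terrapin entry (CVE-2023-48795) above states the exposure in terms of what the two peers negotiate: chacha20-poly1305@openssh.com, or a CBC cipher paired with an -etm@openssh.com MAC. The following is an added example, not code from this report or from the OpenSSH project. It serializes and parses SSH_MSG_KEXINIT payloads (RFC 4253 section 7.1), applies the client-preference negotiation rule separately to each direction, and flags a handshake as exposed unless both sides advertise the strict key exchange pseudo-algorithms that OpenSSH 9.6 introduced as the fix (kex-strict-c-v00@openssh.com on the client, kex-strict-s-v00@openssh.com on the server). The KEXINIT name-lists are constructed for illustration, not captured traffic, and the function names are my own.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253 section 7.1).
NAME_LISTS = ("kex", "host_key", "cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Pseudo-algorithms that OpenSSH 9.6 places in the kex list to signal strict key exchange.
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"
# AEAD ciphers: the negotiated MAC list is ignored when one of these is chosen.
AEAD_CIPHERS = ("chacha20-poly1305@openssh.com", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com")


def build_kexinit(lists, cookie=bytes(16)):
    """Serialize a KEXINIT payload from a dict of name-lists; absent lists are sent empty.
    A real peer sends 16 random cookie bytes; zeros are fine for this offline check."""
    out = bytes([SSH_MSG_KEXINIT]) + cookie
    for name in NAME_LISTS:
        data = ",".join(lists.get(name, ())).encode("ascii")
        out += struct.pack(">I", len(data)) + data
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


def parse_kexinit(payload):
    """Inverse of build_kexinit: the ten name-lists as a dict of Python lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 1 + 16, {}
    for name in NAME_LISTS:
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        raw = payload[pos:pos + length].decode("ascii")
        pos += length
        lists[name] = raw.split(",") if raw else []
    return lists


def negotiate(client_prefs, server_prefs):
    """RFC 4253 rule: the first algorithm on the client's list that the server also lists."""
    return next((alg for alg in client_prefs if alg in server_prefs), None)


def combo_is_terrapin_prone(cipher, mac):
    """The pairs the CVE names: chacha20-poly1305@openssh.com, or a CBC cipher with an -etm MAC."""
    if cipher == "chacha20-poly1305@openssh.com":
        return True
    return bool(cipher and mac and cipher.endswith("-cbc") and mac.endswith("-etm@openssh.com"))


def assess(client_kexinit, server_kexinit):
    """Judge one handshake from its two KEXINIT payloads: exposed when a prone cipher/MAC
    pair is negotiated in either direction and strict kex is not signalled by both peers."""
    c, s = parse_kexinit(client_kexinit), parse_kexinit(server_kexinit)
    strict = STRICT_KEX_CLIENT in c["kex"] and STRICT_KEX_SERVER in s["kex"]
    result = {"strict_kex": strict, "vulnerable": False}
    for direction in ("c2s", "s2c"):
        cipher = negotiate(c["cipher_" + direction], s["cipher_" + direction])
        mac = None if cipher in AEAD_CIPHERS else negotiate(c["mac_" + direction], s["mac_" + direction])
        result[direction] = (cipher, mac)
        if combo_is_terrapin_prone(cipher, mac) and not strict:
            result["vulnerable"] = True
    return result


def kexinit_for(kex, ciphers, macs):
    """Constructed KEXINIT with the same cipher and MAC lists in both directions."""
    return build_kexinit({"kex": kex, "host_key": ["ssh-ed25519"],
                          "cipher_c2s": ciphers, "cipher_s2c": ciphers,
                          "mac_c2s": macs, "mac_s2c": macs,
                          "comp_c2s": ["none"], "comp_s2c": ["none"]})


# Constructed peers (not captured traffic). The client resembles a 9.6 default: chacha20 first, strict signalled.
CLIENT = kexinit_for(["curve25519-sha256", "ecdh-sha2-nistp256", STRICT_KEX_CLIENT],
                     ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes256-ctr", "aes256-cbc"],
                     ["umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"])
OLD_SERVER = kexinit_for(["curve25519-sha256"],                         # pre-9.6: no strict kex
                         ["chacha20-poly1305@openssh.com", "aes256-ctr"],
                         ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"])
PATCHED_SERVER = kexinit_for(["curve25519-sha256", STRICT_KEX_SERVER],  # 9.6: strict kex on both ends
                             ["chacha20-poly1305@openssh.com", "aes256-ctr"],
                             ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"])
HARDENED_SERVER = kexinit_for(["curve25519-sha256"],                    # old sshd with chacha20 removed
                              ["aes256-gcm@openssh.com", "aes256-ctr"],
                              ["hmac-sha2-256-etm@openssh.com"])
LEGACY_SERVER = kexinit_for(["curve25519-sha256"],                      # CBC plus EtM: the other prone pair
                            ["aes256-cbc"],
                            ["hmac-sha2-256-etm@openssh.com"])

if __name__ == "__main__":
    for name, server in [("old", OLD_SERVER), ("patched", PATCHED_SERVER),
                         ("hardened", HARDENED_SERVER), ("legacy-cbc", LEGACY_SERVER)]:
        print(name, assess(CLIENT, server))
```

Against OLD_SERVER the client's first preference, chacha20-poly1305@openssh.com, is accepted and no strict kex is agreed, so the handshake is reported as exposed; PATCHED_SERVER negotiates the same cipher but both peers signal strict kex, so it is not; HARDENED_SERVER never offers chacha20, so an AEAD cipher that is not affected is chosen; LEGACY_SERVER shows the CBC-plus-EtM path. For an sshd that cannot move to 9.6, the HARDENED_SERVER shape is what you get from removing the affected algorithms in sshd_config with `Ciphers -chacha20-poly1305@openssh.com` and `MACs -*-etm@openssh.com` (the leading `-` removes entries from the default list), at the cost of no longer offering them to any client.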
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51384 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2023-51385 CVE STATUS: Patched CVE SUMMARY: In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51385 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2023-51767 CVE STATUS: Unpatched CVE SUMMARY: OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51767 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2024-39894 CVE STATUS: Patched CVE SUMMARY: OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-39894 LAYER: meta PACKAGE NAME: openssh PACKAGE VERSION: 9.6p1 CVE: CVE-2024-6387 CVE STATUS: Patched CVE SUMMARY: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-6387 LAYER: meta PACKAGE NAME: cpio PACKAGE VERSION: 2.15 CVE: CVE-2005-1111 CVE STATUS: Patched CVE SUMMARY: Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1111 LAYER: meta PACKAGE NAME: cpio PACKAGE VERSION: 2.15 CVE: CVE-2005-1229 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1229 LAYER: meta PACKAGE NAME: cpio PACKAGE VERSION: 2.15 CVE: CVE-2005-4268 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4268 LAYER: meta PACKAGE NAME: cpio PACKAGE VERSION: 2.15 CVE: CVE-2010-0624 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0624 LAYER: meta PACKAGE NAME: cpio PACKAGE VERSION: 2.15 CVE: CVE-2010-4226 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue applies to use of cpio in SUSE/OBS CVE SUMMARY: cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4226 LAYER: meta PACKAGE NAME: cpio PACKAGE VERSION: 2.15 CVE: CVE-2014-9112 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9112 LAYER: meta PACKAGE NAME: cpio PACKAGE VERSION: 2.15 CVE: CVE-2015-1197 CVE STATUS: Patched CVE SUMMARY: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1197 LAYER: meta PACKAGE NAME: cpio PACKAGE VERSION: 2.15 CVE: CVE-2016-2037 CVE STATUS: Patched CVE SUMMARY: The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2037 LAYER: meta PACKAGE NAME: cpio PACKAGE VERSION: 2.15 CVE: CVE-2019-14866 CVE STATUS: Patched CVE SUMMARY: In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. 
Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14866 LAYER: meta PACKAGE NAME: cpio PACKAGE VERSION: 2.15 CVE: CVE-2021-38185 CVE STATUS: Patched CVE SUMMARY: GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38185 LAYER: meta PACKAGE NAME: cpio PACKAGE VERSION: 2.15 CVE: CVE-2023-7216 CVE STATUS: Ignored CVE DETAIL: disputed CVE DESCRIPTION: intended behaviour, see https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html CVE SUMMARY: A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-7216 LAYER: meta PACKAGE NAME: pcmanfm PACKAGE VERSION: 1.3.2 CVE: CVE-2017-8934 CVE STATUS: Patched CVE SUMMARY: PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8934 LAYER: meta PACKAGE NAME: json-c PACKAGE VERSION: 0.17 CVE: CVE-2013-6370 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6370 LAYER: meta PACKAGE NAME: json-c PACKAGE VERSION: 0.17 CVE: CVE-2013-6371 CVE STATUS: Patched CVE SUMMARY: The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6371 LAYER: meta PACKAGE NAME: json-c PACKAGE VERSION: 0.17 CVE: CVE-2020-12762 CVE STATUS: Patched CVE SUMMARY: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12762 LAYER: meta PACKAGE NAME: json-c PACKAGE VERSION: 0.17 CVE: CVE-2021-32292 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32292 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2007-1804 CVE STATUS: Patched CVE SUMMARY: PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1804 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2008-0008 CVE STATUS: Patched CVE SUMMARY: The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion. 
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0008 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2009-1299 CVE STATUS: Patched CVE SUMMARY: The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1299 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2009-1894 CVE STATUS: Patched CVE SUMMARY: Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1894 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2014-3970 CVE STATUS: Patched CVE SUMMARY: The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet. 
CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3970 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2020-11931 CVE STATUS: Patched CVE SUMMARY: An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2; CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11931 LAYER: meta PACKAGE NAME: pulseaudio PACKAGE VERSION: 17.0 CVE: CVE-2020-15710 CVE STATUS: Patched CVE SUMMARY: Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 6.1 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15710 LAYER: meta PACKAGE NAME: libxt PACKAGE VERSION: 1_1.3.0 CVE: CVE-2013-2002 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2002 LAYER: meta PACKAGE NAME: libxt PACKAGE VERSION: 1_1.3.0 CVE: CVE-2013-2005 CVE STATUS: Patched CVE SUMMARY: X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2005 LAYER: meta PACKAGE NAME: procps PACKAGE VERSION: 4.0.4 CVE: CVE-2018-1121 CVE STATUS: Patched CVE SUMMARY: procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1121 LAYER: meta PACKAGE NAME: procps PACKAGE VERSION: 4.0.4 CVE: CVE-2023-4016 CVE STATUS: Patched CVE SUMMARY: Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4016 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2016-4330 CVE STATUS: Patched CVE SUMMARY: In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 8.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4330 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2016-4331 CVE STATUS: Patched CVE SUMMARY: When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 8.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4331 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2016-4332 CVE STATUS: Patched CVE SUMMARY: The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. 
CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 8.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4332 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2016-4333 CVE STATUS: Patched CVE SUMMARY: The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 8.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4333 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2017-17505 CVE STATUS: Patched CVE SUMMARY: In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17505 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2017-17506 CVE STATUS: Patched CVE SUMMARY: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17506 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2017-17507 CVE STATUS: Patched CVE SUMMARY: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. 
For example, h5dump would crash when someone opens a crafted hdf5 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17507 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2017-17508 CVE STATUS: Patched CVE SUMMARY: In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17508 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2017-17509 CVE STATUS: Patched CVE SUMMARY: In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17509 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-11202 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11202 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-11203 CVE STATUS: Patched CVE SUMMARY: A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11203 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-11204 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11204 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-11205 CVE STATUS: Patched CVE SUMMARY: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11205 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-11206 CVE STATUS: Patched CVE SUMMARY: An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11206 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-11207 CVE STATUS: Patched CVE SUMMARY: A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11207 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-13866 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13866 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-13867 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13867 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-13868 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13868 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-13869 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13869 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-13870 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13870 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-13871 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13871 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-13872 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13872 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-13873 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13873 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-13874 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13874 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-13875 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13875 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-13876 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13876 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-14031 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14031 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-14033 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14033 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-14034 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14034 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-14035 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14035 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-14460 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14460 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-15671 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15671 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-16438 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16438 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-17233 CVE STATUS: Patched CVE SUMMARY: A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17233 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-17234 CVE STATUS: Patched CVE SUMMARY: Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17234 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-17237 CVE STATUS: Patched CVE SUMMARY: A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17237 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-17432 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17432 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-17433 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17433 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-17434 CVE STATUS: Patched CVE SUMMARY: A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17434 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-17435 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17435 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-17436 CVE STATUS: Patched CVE SUMMARY: ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17436 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-17437 CVE STATUS: Patched CVE SUMMARY: Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17437 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-17438 CVE STATUS: Patched CVE SUMMARY: A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17438 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2018-17439 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17439 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2019-8396 CVE STATUS: Patched CVE SUMMARY: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. 
This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8396 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2019-8397 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8397 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2019-8398 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8398 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2019-9151 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9151 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2019-9152 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9152 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2020-10809 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10809 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2020-10810 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10810 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2020-10811 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10811 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2020-10812 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10812 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2020-18232 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-18232 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2020-18494 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-18494 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2021-37501 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37501 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2021-45829 CVE STATUS: Patched CVE SUMMARY: HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45829 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2021-45830 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45830 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2021-45832 CVE STATUS: Patched CVE SUMMARY: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45832 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2021-45833 CVE STATUS: Patched CVE SUMMARY: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45833 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2021-46242 CVE STATUS: Patched CVE SUMMARY: HDF5 v1.13.1-1 was discovered to contain a heap use-after-free via the component H5AC_unpin_entry.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46242 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2021-46243 CVE STATUS: Patched CVE SUMMARY: An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper() at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46243 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2021-46244 CVE STATUS: Patched CVE SUMMARY: A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 via the function H5T__complete_copy() at /hdf5/src/H5T.c. This vulnerability causes an arithmetic exception, leading to a Denial of Service (DoS). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46244 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2022-25942 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25942 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2022-25972 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution.
An attacker can provide a malicious file to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25972 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2022-26061 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-26061 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32608 CVE STATUS: Patched CVE SUMMARY: HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32608 LAYER: meta PACKAGE NAME: readline PACKAGE VERSION: 8.2 CVE: CVE-2014-2524 CVE STATUS: Patched CVE SUMMARY: The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. 
CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2524 LAYER: meta PACKAGE NAME: xinit PACKAGE VERSION: 1_1.4.2 CVE: CVE-2006-4447 CVE STATUS: Patched CVE SUMMARY: X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4447 LAYER: meta PACKAGE NAME: python3-setuptools PACKAGE VERSION: 69.1.1 CVE: CVE-2013-1633 CVE STATUS: Patched CVE SUMMARY: easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1633 LAYER: meta PACKAGE NAME: python3-setuptools PACKAGE VERSION: 69.1.1 CVE: CVE-2022-40897 CVE STATUS: Patched CVE SUMMARY: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40897 LAYER: meta PACKAGE NAME: python3-setuptools PACKAGE VERSION: 69.1.1 CVE: CVE-2024-6345 CVE STATUS: Patched CVE SUMMARY: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-6345 LAYER: meta-ros2-jazzy PACKAGE NAME: cyclonedds PACKAGE VERSION: 0.10.4-4 CVE: CVE-2021-38441 CVE STATUS: Patched CVE SUMMARY: Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38441 LAYER: meta-ros2-jazzy PACKAGE NAME: cyclonedds PACKAGE VERSION: 0.10.4-4 CVE: CVE-2021-38443 CVE STATUS: Patched CVE SUMMARY: Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38443 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.12+git CVE: CVE-2016-3697 CVE STATUS: Patched CVE SUMMARY: libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3697 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.12+git CVE: CVE-2019-16884 CVE STATUS: Patched CVE SUMMARY: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16884 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.12+git CVE: CVE-2019-19921 CVE STATUS: Patched CVE SUMMARY: runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) 
CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19921 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.12+git CVE: CVE-2019-5736 CVE STATUS: Patched CVE SUMMARY: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5736 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.12+git CVE: CVE-2021-30465 CVE STATUS: Patched CVE SUMMARY: runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 8.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-30465 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.12+git CVE: CVE-2021-43784 CVE STATUS: Patched CVE SUMMARY: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. 
In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 5.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43784 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.12+git CVE: CVE-2022-24769 CVE STATUS: Patched CVE SUMMARY: Moby is an open-source project created by Docker to enable and accelerate software containerization. 
A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.9 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24769 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.12+git CVE: CVE-2022-29162 CVE STATUS: Patched CVE SUMMARY: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. 
A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29162 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.12+git CVE: CVE-2023-25809 CVE STATUS: Patched CVE SUMMARY: runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in the following conditions: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain write access to the user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host. Other users' cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5.
Users unable to upgrade may unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private`; this is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts) or add `/sys/fs/cgroup` to `maskedPaths`. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25809 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.12+git CVE: CVE-2023-27561 CVE STATUS: Patched CVE SUMMARY: runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-27561 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.12+git CVE: CVE-2023-28642 CVE STATUS: Patched CVE SUMMARY: runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. Users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28642 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.12+git CVE: CVE-2024-21626 CVE STATUS: Patched CVE SUMMARY: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-21626 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2005-0366 CVE STATUS: Patched CVE SUMMARY: The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0366 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2006-3082 CVE STATUS: Patched CVE SUMMARY: parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3082 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2006-3746 CVE STATUS: Patched CVE SUMMARY: Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3746 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2006-6169 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6169 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2007-1263 CVE STATUS: Patched CVE SUMMARY: GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1263 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2008-1530 CVE STATUS: Patched CVE SUMMARY: GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs." CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1530 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2010-2547 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. 
CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2547 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2011-2207 CVE STATUS: Patched CVE SUMMARY: dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2207 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2012-6085 CVE STATUS: Patched CVE SUMMARY: The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6085 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2013-4242 CVE STATUS: Patched CVE SUMMARY: GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. 
CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4242 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2013-4351 CVE STATUS: Patched CVE SUMMARY: GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4351 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2013-4402 CVE STATUS: Patched CVE SUMMARY: The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4402 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2013-4576 CVE STATUS: Patched CVE SUMMARY: GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. 
However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4576 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2014-3591 CVE STATUS: Patched CVE SUMMARY: Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.2 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3591 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2014-4617 CVE STATUS: Patched CVE SUMMARY: The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4617 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2014-9087 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9087 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2015-0837 CVE STATUS: Patched CVE SUMMARY: The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0837 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2015-1606 CVE STATUS: Patched CVE SUMMARY: The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1606 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2015-1607 CVE STATUS: Patched CVE SUMMARY: kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1607 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2016-6313 CVE STATUS: Patched CVE SUMMARY: The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6313 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2018-1000858 CVE STATUS: Patched CVE SUMMARY: GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure and DoS. This attack appears to be exploitable when the victim performs a WKD request, e.g. enters an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed after commit 4a4bb874f63741026bd26264c43bb32b1099f060. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000858 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2018-12020 CVE STATUS: Patched CVE SUMMARY: mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12020 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2018-9234 CVE STATUS: Patched CVE SUMMARY: GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9234 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2019-13050 CVE STATUS: Patched CVE SUMMARY: Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13050 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2019-14855 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14855 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2020-25125 CVE STATUS: Patched CVE SUMMARY: GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25125 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2022-3219 CVE STATUS: Unpatched CVE SUMMARY: GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3219 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2022-34903 CVE STATUS: Patched CVE SUMMARY: GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-34903 LAYER: meta PACKAGE NAME: gnupg PACKAGE VERSION: 2.4.4 CVE: CVE-2022-3515 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. 
The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3515 LAYER: meta PACKAGE NAME: sysklogd PACKAGE VERSION: 2.5.2 CVE: CVE-2014-3634 CVE STATUS: Patched CVE SUMMARY: rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3634 LAYER: meta PACKAGE NAME: sysklogd PACKAGE VERSION: 2.5.2 CVE: CVE-2014-3683 CVE STATUS: Patched CVE SUMMARY: Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3683 LAYER: meta PACKAGE NAME: libsamplerate0 PACKAGE VERSION: 0.2.2 CVE: CVE-2017-7697 CVE STATUS: Patched CVE SUMMARY: In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7697 LAYER: meta PACKAGE NAME: libxi PACKAGE VERSION: 1_1.8.1 CVE: CVE-2013-1984 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1984 LAYER: meta PACKAGE NAME: libxi PACKAGE VERSION: 1_1.8.1 CVE: CVE-2013-1995 CVE STATUS: Patched CVE SUMMARY: X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1995 LAYER: meta PACKAGE NAME: libxi PACKAGE VERSION: 1_1.8.1 CVE: CVE-2013-1998 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1998 LAYER: meta PACKAGE NAME: libxi PACKAGE VERSION: 1_1.8.1 CVE: CVE-2016-7945 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7945 LAYER: meta PACKAGE NAME: libxi PACKAGE VERSION: 1_1.8.1 CVE: CVE-2016-7946 CVE STATUS: Patched CVE SUMMARY: X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7946 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-1999-1439 CVE STATUS: Patched CVE SUMMARY: gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1439 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2000-1219 CVE STATUS: Patched CVE SUMMARY: The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1219 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2002-2439 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-2439 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2006-1902 CVE STATUS: Patched CVE SUMMARY: fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value." CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1902 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1367 CVE STATUS: Patched CVE SUMMARY: gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1367 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1685 CVE STATUS: Patched CVE SUMMARY: gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1685 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2013-4598 CVE STATUS: Patched CVE SUMMARY: The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4598 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2015-5276 CVE STATUS: Patched CVE SUMMARY: The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5276 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2017-11671 CVE STATUS: Patched CVE SUMMARY: Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11671 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2018-12886 CVE STATUS: Patched CVE SUMMARY: stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12886 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2019-15847 CVE STATUS: Patched CVE SUMMARY: The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15847 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2021-37322 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Is a binutils 2.26 issue, not gcc CVE SUMMARY: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37322 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2021-3826 CVE STATUS: Patched CVE SUMMARY: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3826 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2021-46195 CVE STATUS: Patched CVE SUMMARY: GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46195 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2022-27943 CVE STATUS: Patched CVE SUMMARY: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27943 LAYER: meta PACKAGE NAME: gcc-sanitizers PACKAGE VERSION: 13.3.0 CVE: CVE-2023-4039 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed via CVE-2023-4039.patch included here. Set the status explicitly to deal with all recipes that share the gcc-source CVE SUMMARY: **DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability.
An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4039 LAYER: meta-oe PACKAGE NAME: htop PACKAGE VERSION: 3.3.0 CVE: CVE-2008-5076 CVE STATUS: Patched CVE SUMMARY: htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings." CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5076 LAYER: meta PACKAGE NAME: blktrace PACKAGE VERSION: 1.3.0+git CVE: CVE-2018-10689 CVE STATUS: Patched CVE SUMMARY: blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10689 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-1999-0958 CVE STATUS: Patched CVE SUMMARY: sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack. 
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0958
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-1999-1496 CVE STATUS: Patched CVE SUMMARY: Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1496
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2002-0043 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0043
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2002-0184 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0184
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2004-1051 CVE STATUS: Patched CVE SUMMARY: sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1051
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2004-1689 CVE STATUS: Patched CVE SUMMARY: sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1689
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2005-1119 CVE STATUS: Patched CVE SUMMARY: Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1119
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2005-1831 CVE STATUS: Patched CVE SUMMARY: Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty." CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1831
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2005-1993 CVE STATUS: Patched CVE SUMMARY: Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1993
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2005-2959 CVE STATUS: Patched CVE SUMMARY: Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2959
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2005-4158 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4158
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2005-4890 CVE STATUS: Patched CVE SUMMARY: There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4890
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2006-0151 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0151
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2007-3149 CVE STATUS: Patched CVE SUMMARY: sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo." CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3149
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2007-4305 CVE STATUS: Patched CVE SUMMARY: Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4305
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2009-0034 CVE STATUS: Patched CVE SUMMARY: parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0034
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2010-0426 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0426
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2010-0427 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0427
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2010-1163 CVE STATUS: Patched CVE SUMMARY: The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1163
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2010-1646 CVE STATUS: Patched CVE SUMMARY: The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1646
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2010-2956 CVE STATUS: Patched CVE SUMMARY: Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2956
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2011-0008 CVE STATUS: Patched CVE SUMMARY: A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0008
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2011-0010 CVE STATUS: Patched CVE SUMMARY: check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0010
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2012-0809 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0809
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2012-2337 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2337
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2012-3440 CVE STATUS: Patched CVE SUMMARY: A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. CVSS v2 BASE SCORE: 5.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3440
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2013-1775 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1775
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2013-1776 CVE STATUS: Patched CVE SUMMARY: sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1776
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2013-2776 CVE STATUS: Patched CVE SUMMARY: sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2776
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2013-2777 CVE STATUS: Patched CVE SUMMARY: sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2777
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2014-0106 CVE STATUS: Patched CVE SUMMARY: Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable. CVSS v2 BASE SCORE: 6.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0106
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2014-9680 CVE STATUS: Patched CVE SUMMARY: sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9680
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2015-5602 CVE STATUS: Patched CVE SUMMARY: sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5602
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2015-8239 CVE STATUS: Patched CVE SUMMARY: The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8239
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2016-7032 CVE STATUS: Patched CVE SUMMARY: sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7032
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2016-7076 CVE STATUS: Patched CVE SUMMARY: sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7076
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2017-1000367 CVE STATUS: Patched CVE SUMMARY: Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 6.4 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000367
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2017-1000368 CVE STATUS: Patched CVE SUMMARY: Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 8.2 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000368
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2019-14287 CVE STATUS: Patched CVE SUMMARY: In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14287
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2019-18634 CVE STATUS: Patched CVE SUMMARY: In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18634
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2019-18684 CVE STATUS: Patched CVE SUMMARY: Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18684
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2019-19232 CVE STATUS: Patched CVE SUMMARY: In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19232
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2019-19234 CVE STATUS: Patched CVE SUMMARY: In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19234
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2021-23239 CVE STATUS: Patched CVE SUMMARY: The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 2.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23239
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2021-23240 CVE STATUS: Patched CVE SUMMARY: selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23240
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2021-3156 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3156
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2022-43995 CVE STATUS: Patched CVE SUMMARY: Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43995
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-22809 CVE STATUS: Patched CVE SUMMARY: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-22809
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-27320 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.13p2 has a double free in the per-command chroot feature. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.2 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-27320
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-28486 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.13 does not escape control characters in log messages. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28486
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-28487 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.13 does not escape control characters in sudoreplay output. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28487
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-42456 CVE STATUS: Patched CVE SUMMARY: Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user). An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system. An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames. The issue is patched in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename. Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. It also fully eliminates any possibility of path traversal, given that uids are always integer values. The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access. As a workaround, make sure that one's system does not contain any users with a specially crafted username. While this is the case and while untrusted users do not have the ability to create arbitrary users on the system, one should not be able to exploit this issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-42456
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-42465 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-42465
LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p5 CVE: CVE-2023-7090 CVE STATUS: Patched CVE SUMMARY: A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-7090
LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2006-0747 CVE STATUS: Patched CVE SUMMARY: Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0747
LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2006-1861 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1861
LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2006-2661 CVE STATUS: Patched CVE SUMMARY: ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2661
LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2006-3467 CVE STATUS: Patched CVE SUMMARY: Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3467
LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2007-2754 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2754
LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2007-3506 CVE STATUS: Patched CVE SUMMARY: The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3506
LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2008-1806 CVE STATUS: Patched CVE SUMMARY: Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1806
LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2008-1807 CVE STATUS: Patched CVE SUMMARY: FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1807
LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2008-1808 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1808
LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2009-0946 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0946
LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2497 CVE STATUS: Patched CVE SUMMARY: Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2497 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2498 CVE STATUS: Patched CVE SUMMARY: The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2498 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2499 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2499 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2500 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2500 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2519 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2519 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2520 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2520 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2527 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2527 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2541 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2541 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2805 CVE STATUS: Patched CVE SUMMARY: The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2805 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2806 CVE STATUS: Patched CVE SUMMARY: Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2806 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2807 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2807 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2808 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2808 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-3053 CVE STATUS: Patched CVE SUMMARY: bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. 
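CVE-2007-2754 (a negative n_points in a TrueType glyph) and CVE-2010-2806 (negative string sizes in a Type 42 font) above are both signedness errors: a field read as a signed 16-bit value passes an upper-bound check and is then converted to an unsigned type for allocation or iteration. The C below is an added example of that pattern, not FreeType's code; the two-byte header, the 64-point capacity and the function names are constructed for the illustration. The vulnerable variant returns the iteration count it would have used instead of performing the copy, so the demo itself stays memory-safe.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define POINT_CAP 64   /* constructed: room the caller has reserved for points */

/* Constructed glyph headers: a big-endian int16 point count, the way a
 * TrueType contour end-point index is stored. */
static const uint8_t kHdrSmall[2]    = { 0x00, 0x10 };   /* 16 points: fine         */
static const uint8_t kHdrTooMany[2]  = { 0x7F, 0xFF };   /* 32767: over capacity    */
static const uint8_t kHdrNegative[2] = { 0xFF, 0xFF };   /* -1 when read as signed  */

static int16_t read_be16s(const uint8_t *p)
{
    return (int16_t)(((unsigned)p[0] << 8) | p[1]);
}

/* Vulnerable: only the upper bound is checked, in signed arithmetic.  -1 is
 * not greater than POINT_CAP, so it passes; the copy loop that follows is
 * typically written against an unsigned count, turning -1 into 2^32 - 1
 * iterations into a 64-element buffer.  Returns that count, or -1 if the
 * header was rejected. */
static int64_t points_to_copy_vulnerable(const uint8_t hdr[2])
{
    int n_points = read_be16s(hdr);
    if (n_points > POINT_CAP)
        return -1;
    return (int64_t)(uint32_t)n_points;            /* the cast the loop would perform */
}

/* Hardened: reject negatives explicitly, then compare against the capacity
 * as size_t, so both bounds are enforced before any unsigned conversion. */
static int64_t points_to_copy_safe(const uint8_t hdr[2])
{
    int n_points = read_be16s(hdr);
    if (n_points < 0 || (size_t)n_points > POINT_CAP)
        return -1;
    return n_points;
}

int main(void)
{
    const uint8_t *hdrs[] = { kHdrSmall, kHdrTooMany, kHdrNegative };
    for (size_t i = 0; i < 3; i++)
        printf("header %zu: vulnerable=%lld safe=%lld\n", i,
               (long long)points_to_copy_vulnerable(hdrs[i]),
               (long long)points_to_copy_safe(hdrs[i]));
    return 0;
}
```

When reviewing font or image parsers, look for every field that is read with a signed accessor and then used as a length, index or allocation size; each needs an explicit `< 0` check, or should be read as unsigned in the first place and compared against a limit.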
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3053 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-3054 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3054 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-3311 CVE STATUS: Patched CVE SUMMARY: Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3311 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-3814 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3814 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-3855 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3855 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2011-0226 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0226 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2011-2895 CVE STATUS: Patched CVE SUMMARY: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2895 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1126 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font. 
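CVE-2011-2895 above concerns an LZW decompressor that looked up code words which were not yet in its table. The decoder below is an added, self-contained C example of the check that was missing; it is not libXfont's, BSD compress's or FreeType's code, and the fixed-width 12-bit code array (no bit packing), the tiny encoder used to produce a valid stream and the sample strings are all constructed for the demo. In LZW the only code a decoder may accept that is not already in its table is exactly the next free slot (the "KwKwK" case); any larger code has no defined expansion and must be rejected rather than dereferenced.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LZW_MAX_CODES  4096     /* 12-bit code space, as in compress(1) */
#define LZW_FIRST_FREE 256      /* codes 0..255 are literal bytes */
#define LZW_NONE       0xFFFF   /* "no prefix": marks a literal entry */

/* Table entry = (prefix code, last byte); a string is recovered by walking the
 * prefix chain back to a literal.  `next` is the first unused code. */
typedef struct { uint16_t prefix[LZW_MAX_CODES]; uint8_t last[LZW_MAX_CODES]; uint16_t next; } LzwDict;

static void lzw_init(LzwDict *d)
{
    for (unsigned i = 0; i < LZW_FIRST_FREE; i++) { d->prefix[i] = LZW_NONE; d->last[i] = (uint8_t)i; }
    d->next = LZW_FIRST_FREE;
}

/* Expand a code that is already in the table into out[]; returns its length (0 if
 * it would not fit).  Callers guarantee code < d->next, so every index is in range. */
static size_t lzw_expand(const LzwDict *d, uint16_t code, uint8_t *out, size_t cap)
{
    uint8_t stack[LZW_MAX_CODES];
    size_t n = 0;
    while (code != LZW_NONE && n < sizeof stack) { stack[n++] = d->last[code]; code = d->prefix[code]; }
    if (n > cap) return 0;
    for (size_t i = 0; i < n; i++) out[i] = stack[n - 1 - i];
    return n;
}

/* Decode codes[] into out[]; returns bytes written, or -1 for a malformed stream.
 * The branch marked (*) is the check the vulnerable decompressors lacked: they
 * treated every code >= next as the KwKwK case and walked off their tables. */
static long lzw_decode(const uint16_t *codes, size_t ncodes, uint8_t *out, size_t cap)
{
    LzwDict d;
    lzw_init(&d);
    if (ncodes == 0) return 0;
    if (codes[0] >= LZW_FIRST_FREE || cap == 0) return -1;   /* first code must be a literal */
    uint16_t prev = codes[0];
    size_t written = 0;
    out[written++] = (uint8_t)prev;
    for (size_t i = 1; i < ncodes; i++) {
        uint16_t c = codes[i];
        uint8_t entry[LZW_MAX_CODES];
        size_t n;
        if (c < d.next) {
            n = lzw_expand(&d, c, entry, sizeof entry);
        } else if (c == d.next) {                 /* KwKwK: prev's string plus its own first byte */
            n = lzw_expand(&d, prev, entry, sizeof entry - 1);
            if (n == 0) return -1;
            entry[n++] = entry[0];
        } else {
            return -1;                            /* (*) code not in table: reject, do not index */
        }
        if (n == 0 || written + n > cap) return -1;
        memcpy(out + written, entry, n);
        written += n;
        if (d.next < LZW_MAX_CODES) { d.prefix[d.next] = prev; d.last[d.next] = entry[0]; d.next++; }
        prev = c;
    }
    return (long)written;
}

/* Minimal matching encoder (linear table search, fine at demo sizes) so the decoder
 * can be exercised on a valid stream.  Returns the number of codes emitted. */
static size_t lzw_encode(const uint8_t *in, size_t len, uint16_t *codes, size_t cap)
{
    LzwDict d;
    lzw_init(&d);
    size_t ncodes = 0;
    if (len == 0) return 0;
    uint16_t w = in[0];
    for (size_t i = 1; i < len; i++) {
        uint16_t found = LZW_NONE;
        for (uint16_t c = LZW_FIRST_FREE; c < d.next; c++)
            if (d.prefix[c] == w && d.last[c] == in[i]) { found = c; break; }
        if (found != LZW_NONE) { w = found; continue; }
        if (ncodes >= cap) return 0;
        codes[ncodes++] = w;
        if (d.next < LZW_MAX_CODES) { d.prefix[d.next] = w; d.last[d.next] = in[i]; d.next++; }
        w = in[i];
    }
    if (ncodes >= cap) return 0;
    codes[ncodes++] = w;
    return ncodes;
}

/* Constructed streams: two that a safe decoder must reject, one valid KwKwK case. */
static const uint16_t kBadFirst[]  = { 300 };        /* first code is not a literal */
static const uint16_t kBadSecond[] = { 'A', 300 };   /* next free code is 256; 300 is undefined */
static const uint16_t kKwKwK[]     = { 'A', 256 };   /* "A" then "AA": decodes to "AAA" */

static long lzw_decode_len(const uint16_t *codes, size_t n)
{
    uint8_t out[1024];
    return lzw_decode(codes, n, out, sizeof out);
}

static int lzw_roundtrip_ok(const char *text)   /* 1 if text survives encode+decode */
{
    uint16_t codes[512]; uint8_t out[1024];
    size_t len = strlen(text), n = lzw_encode((const uint8_t *)text, len, codes, 512);
    return lzw_decode(codes, n, out, sizeof out) == (long)len && memcmp(out, text, len) == 0;
}

int main(void)
{
    printf("roundtrip: %d  bad first: %ld  bad second: %ld  KwKwK length: %ld\n",
           lzw_roundtrip_ok("TOBEORNOTTOBEORTOBEORNOT"), lzw_decode_len(kBadFirst, 1),
           lzw_decode_len(kBadSecond, 2), lzw_decode_len(kKwKwK, 2));
    return 0;
}
```

The same shape of check applies to any table-driven decoder (Huffman, dictionary or palette based): a code read from the input is an index, and the decoder must know the exact range of indices that are defined at that moment rather than assuming the encoder was honest.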
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1126 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1127 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1127 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1128 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1128 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1129 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1129 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1130 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1130 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1131 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1131 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1132 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1132 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1133 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1133 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1134 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1134 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1135 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1135 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1136 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1136 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1137 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1137 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1138 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1138 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1139 CVE STATUS: Patched CVE SUMMARY: Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1139 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1140 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1140 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1141 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1141 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1142 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1142 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1143 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1143 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1144 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1144 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-5668 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5668 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-5669 CVE STATUS: Patched CVE SUMMARY: The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5669 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-5670 CVE STATUS: Patched CVE SUMMARY: The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5670 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-2240 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2240 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-2241 CVE STATUS: Patched CVE SUMMARY: The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2241 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9656 CVE STATUS: Patched CVE SUMMARY: The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9656 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9657 CVE STATUS: Patched CVE SUMMARY: The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9657 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9658 CVE STATUS: Patched CVE SUMMARY: The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9658 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9659 CVE STATUS: Patched CVE SUMMARY: cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9659 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9660 CVE STATUS: Patched CVE SUMMARY: The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9660 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9661 CVE STATUS: Patched CVE SUMMARY: type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9661 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9662 CVE STATUS: Patched CVE SUMMARY: cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9662 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9663 CVE STATUS: Patched CVE SUMMARY: The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9663 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9664 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9664 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9665 CVE STATUS: Patched CVE SUMMARY: The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9665 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9666 CVE STATUS: Patched CVE SUMMARY: The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9666 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9667 CVE STATUS: Patched CVE SUMMARY: sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9667 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9668 CVE STATUS: Patched CVE SUMMARY: The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9668 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9669 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9669 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9670 CVE STATUS: Patched CVE SUMMARY: Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9670 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9671 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9671 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9672 CVE STATUS: Patched CVE SUMMARY: Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9672 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9673 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9673 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9674 CVE STATUS: Patched CVE SUMMARY: The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9674 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9675 CVE STATUS: Patched CVE SUMMARY: bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9675 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9745 CVE STATUS: Patched CVE SUMMARY: The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9745 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9746 CVE STATUS: Patched CVE SUMMARY: The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9746 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9747 CVE STATUS: Patched CVE SUMMARY: The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9747 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2015-9290 CVE STATUS: Patched CVE SUMMARY: In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9290 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2015-9381 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9381 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2015-9382 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9382 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2015-9383 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9383 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2016-10244 CVE STATUS: Patched CVE SUMMARY: The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10244 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2016-10328 CVE STATUS: Patched CVE SUMMARY: FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10328 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2017-7857 CVE STATUS: Patched CVE SUMMARY: FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7857 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2017-7858 CVE STATUS: Patched CVE SUMMARY: FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7858 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2017-7864 CVE STATUS: Patched CVE SUMMARY: FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7864 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2017-8105 CVE STATUS: Patched CVE SUMMARY: FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8105 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2017-8287 CVE STATUS: Patched CVE SUMMARY: FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8287 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2018-6942 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6942 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2020-15999 CVE STATUS: Patched CVE SUMMARY: Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15999 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2022-27404 CVE STATUS: Patched CVE SUMMARY: FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27404 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2022-27405 CVE STATUS: Patched CVE SUMMARY: FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27405 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2022-27406 CVE STATUS: Patched CVE SUMMARY: FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27406 LAYER: meta PACKAGE NAME: zip PACKAGE VERSION: 3.0 CVE: CVE-2004-1010 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1010 LAYER: meta PACKAGE NAME: zip PACKAGE VERSION: 3.0 CVE: CVE-2018-13410 CVE STATUS: Ignored CVE DETAIL: disputed CVE DESCRIPTION: Disputed and also Debian doesn't consider a vulnerability CVE SUMMARY: Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. 
NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13410 LAYER: meta PACKAGE NAME: zip PACKAGE VERSION: 3.0 CVE: CVE-2018-13684 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Not for zip but for smart contract implementation for it CVE SUMMARY: The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13684 LAYER: meta PACKAGE NAME: zip PACKAGE VERSION: 3.0 CVE: CVE-2023-39135 CVE STATUS: Patched CVE SUMMARY: An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-39135 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2010-3315 CVE STATUS: Patched CVE SUMMARY: authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. 
CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3315 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2010-4539 CVE STATUS: Patched CVE SUMMARY: The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4539 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2010-4644 CVE STATUS: Patched CVE SUMMARY: Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4644 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2011-0715 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0715 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2011-1752 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1752 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2011-1783 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1783 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2011-1921 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1921 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-1845 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1845 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-1846 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1846 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-1847 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1847 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-1849 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1849 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-1884 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1884 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-1968 CVE STATUS: Patched CVE SUMMARY: Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. 
CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1968 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-2088 CVE STATUS: Patched CVE SUMMARY: contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2088 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-2112 CVE STATUS: Patched CVE SUMMARY: The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2112 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-4131 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4131 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-4246 CVE STATUS: Patched CVE SUMMARY: libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4246 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-4262 CVE STATUS: Patched CVE SUMMARY: svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393. CVSS v2 BASE SCORE: 2.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:S/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4262 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-4277 CVE STATUS: Patched CVE SUMMARY: Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. 
CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4277 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-4505 CVE STATUS: Patched CVE SUMMARY: The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4505 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-4558 CVE STATUS: Patched CVE SUMMARY: The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4558 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2013-7393 CVE STATUS: Patched CVE SUMMARY: The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). 
CVSS v2 BASE SCORE: 2.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:S/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7393 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2014-0032 CVE STATUS: Patched CVE SUMMARY: The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0032 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2014-3504 CVE STATUS: Patched CVE SUMMARY: The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3504 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2014-3522 CVE STATUS: Patched CVE SUMMARY: The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3522 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2014-3528 CVE STATUS: Patched CVE SUMMARY: Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3528 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2014-3580 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3580 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2014-8108 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8108 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-0202 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0202 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-0248 CVE STATUS: Patched CVE SUMMARY: The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0248 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-0251 CVE STATUS: Patched CVE SUMMARY: The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via crafted v1 HTTP protocol request sequences.
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0251 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-3184 CVE STATUS: Patched CVE SUMMARY: mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3184 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-3187 CVE STATUS: Patched CVE SUMMARY: The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3187 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-5259 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. 
CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5259 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2015-5343 CVE STATUS: Patched CVE SUMMARY: Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. CVSS v2 BASE SCORE: 8.0 CVSS v3 BASE SCORE: 7.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5343 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2016-2167 CVE STATUS: Patched CVE SUMMARY: The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2167 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2016-2168 CVE STATUS: Patched CVE SUMMARY: The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2168 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2016-8734 CVE STATUS: Patched CVE SUMMARY: Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8734 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2017-9800 CVE STATUS: Patched CVE SUMMARY: A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9800 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2018-11782 CVE STATUS: Patched CVE SUMMARY: In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11782 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2018-11803 CVE STATUS: Patched CVE SUMMARY: Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11803 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2019-0203 CVE STATUS: Patched CVE SUMMARY: In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-0203 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2020-17525 CVE STATUS: Patched CVE SUMMARY: Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. 
This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17525 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2021-28544 CVE STATUS: Patched CVE SUMMARY: Apache Subversion SVN authz protected copyfrom paths regression. Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28544 LAYER: meta PACKAGE NAME: subversion PACKAGE VERSION: 1.14.3 CVE: CVE-2022-24070 CVE STATUS: Patched CVE SUMMARY: Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24070 LAYER: meta PACKAGE NAME: cronie PACKAGE VERSION: 1.7.2 CVE: CVE-2010-0424 CVE STATUS: Patched CVE SUMMARY: The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0424 LAYER: meta PACKAGE NAME: cronie PACKAGE VERSION: 1.7.2 CVE: CVE-2012-6097 CVE STATUS: Patched CVE SUMMARY: File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6097 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2002-0759 CVE STATUS: Patched CVE SUMMARY: bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0759 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2002-0760 CVE STATUS: Patched CVE SUMMARY: Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0760 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2002-0761 CVE STATUS: Patched CVE SUMMARY: bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0761 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2005-0953 CVE STATUS: Patched CVE SUMMARY: Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0953 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2005-1260 CVE STATUS: Patched CVE SUMMARY: bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1260 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2008-1372 CVE STATUS: Patched CVE SUMMARY: bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1372 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2010-0405 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0405 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2011-4089 CVE STATUS: Patched CVE SUMMARY: The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4089 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2016-3189 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3189 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2019-12900 CVE STATUS: Patched CVE SUMMARY: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12900 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2023-22895 CVE STATUS: Patched CVE SUMMARY: The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-22895 LAYER: meta PACKAGE NAME: ed PACKAGE VERSION: 1.20.2 CVE: CVE-2000-1137 CVE STATUS: Patched CVE SUMMARY: GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1137 LAYER: meta PACKAGE NAME: ed PACKAGE VERSION: 1.20.2 CVE: CVE-2006-6939 CVE STATUS: Patched CVE SUMMARY: GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6939 LAYER: meta PACKAGE NAME: ed PACKAGE VERSION: 1.20.2 CVE: CVE-2008-3916 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3916 LAYER: meta PACKAGE NAME: ed PACKAGE VERSION: 1.20.2 CVE: CVE-2017-5357 CVE STATUS: Patched CVE SUMMARY: regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5357 LAYER: meta PACKAGE NAME: less PACKAGE VERSION: 643 CVE: CVE-2004-2264 CVE STATUS: Patched CVE SUMMARY: Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. 
NOTE: since less is not setuid or setgid, this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2264 LAYER: meta PACKAGE NAME: less PACKAGE VERSION: 643 CVE: CVE-2014-9488 CVE STATUS: Patched CVE SUMMARY: The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9488 LAYER: meta PACKAGE NAME: less PACKAGE VERSION: 643 CVE: CVE-2022-46663 CVE STATUS: Patched CVE SUMMARY: In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46663 LAYER: meta PACKAGE NAME: less PACKAGE VERSION: 643 CVE: CVE-2024-32487 CVE STATUS: Patched CVE SUMMARY: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32487 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-1999-1439 CVE STATUS: Patched CVE SUMMARY: gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1439 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2000-1219 CVE STATUS: Patched CVE SUMMARY: The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1219 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2002-2439 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-2439 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2006-1902 CVE STATUS: Patched CVE SUMMARY: fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value."
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1902 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1367 CVE STATUS: Patched CVE SUMMARY: gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1367 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1685 CVE STATUS: Patched CVE SUMMARY: gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. 
NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999) CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1685 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2013-4598 CVE STATUS: Patched CVE SUMMARY: The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4598 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2015-5276 CVE STATUS: Patched CVE SUMMARY: The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5276 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2017-11671 CVE STATUS: Patched CVE SUMMARY: Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11671 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2018-12886 CVE STATUS: Patched CVE SUMMARY: stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12886 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2019-15847 CVE STATUS: Patched CVE SUMMARY: The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15847 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2021-37322 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Is a binutils 2.26 issue, not gcc CVE SUMMARY: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37322 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2021-3826 CVE STATUS: Patched CVE SUMMARY: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3826 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2021-46195 CVE STATUS: Patched CVE SUMMARY: GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46195 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2022-27943 CVE STATUS: Patched CVE SUMMARY: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27943 LAYER: meta PACKAGE NAME: gcc PACKAGE VERSION: 13.3.0 CVE: CVE-2023-4039 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed via CVE-2023-4039.patch included here. 
Set the status explicitly to deal with all recipes that share the gcc-source CVE SUMMARY: **DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4039 LAYER: meta-oe PACKAGE NAME: zeromq PACKAGE VERSION: 4.3.5 CVE: CVE-2014-7202 CVE STATUS: Patched CVE SUMMARY: stream_engine.cpp in libzmq (aka ZeroMQ/C++) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7202 LAYER: meta-oe PACKAGE NAME: zeromq PACKAGE VERSION: 4.3.5 CVE: CVE-2014-7203 CVE STATUS: Patched CVE SUMMARY: libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7203 LAYER: meta-oe PACKAGE NAME: zeromq PACKAGE VERSION: 4.3.5 CVE: CVE-2014-9721 CVE STATUS: Patched CVE SUMMARY: libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9721 LAYER: meta-oe PACKAGE NAME: zeromq PACKAGE VERSION: 4.3.5 CVE: CVE-2021-20236 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20236 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2012-2320 CVE STATUS: Patched CVE SUMMARY: ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted netlink message. 
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2320

LAYER: meta
PACKAGE NAME: connman
PACKAGE VERSION: 1.42
CVE: CVE-2012-2321
CVE STATUS: Patched
CVE SUMMARY: The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2321

LAYER: meta
PACKAGE NAME: connman
PACKAGE VERSION: 1.42
CVE: CVE-2012-2322
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value in a DHCP packet.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2322

LAYER: meta
PACKAGE NAME: connman
PACKAGE VERSION: 1.42
CVE: CVE-2012-6459
CVE STATUS: Patched
CVE SUMMARY: ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6459

LAYER: meta
PACKAGE NAME: connman
PACKAGE VERSION: 1.42
CVE: CVE-2017-12865
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12865

LAYER: meta
PACKAGE NAME: connman
PACKAGE VERSION: 1.42
CVE: CVE-2021-26675
CVE STATUS: Patched
CVE SUMMARY: A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 8.8
VECTOR: ADJACENT_NETWORK
VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-26675

LAYER: meta
PACKAGE NAME: connman
PACKAGE VERSION: 1.42
CVE: CVE-2021-26676
CVE STATUS: Patched
CVE SUMMARY: gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 6.5
VECTOR: ADJACENT_NETWORK
VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-26676

LAYER: meta
PACKAGE NAME: connman
PACKAGE VERSION: 1.42
CVE: CVE-2021-33833
CVE STATUS: Patched
CVE SUMMARY: ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33833

LAYER: meta
PACKAGE NAME: connman
PACKAGE VERSION: 1.42
CVE: CVE-2022-23096
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 9.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23096

LAYER: meta
PACKAGE NAME: connman
PACKAGE VERSION: 1.42
CVE: CVE-2022-23097
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 9.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23097

LAYER: meta
PACKAGE NAME: connman
PACKAGE VERSION: 1.42
CVE: CVE-2022-23098
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23098

LAYER: meta
PACKAGE NAME: connman
PACKAGE VERSION: 1.42
CVE: CVE-2022-32292
CVE STATUS: Patched
CVE SUMMARY: In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32292

LAYER: meta
PACKAGE NAME: connman
PACKAGE VERSION: 1.42
CVE: CVE-2022-32293
CVE STATUS: Patched
CVE SUMMARY: In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32293

LAYER: meta
PACKAGE NAME: connman
PACKAGE VERSION: 1.42
CVE: CVE-2023-28488
CVE STATUS: Patched
CVE SUMMARY: client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: ADJACENT_NETWORK
VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28488

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-1999-0473
CVE STATUS: Patched
CVE SUMMARY: The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0473

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2002-0048
CVE STATUS: Patched
CVE SUMMARY: Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0048

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2002-0080
CVE STATUS: Patched
CVE SUMMARY: rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0080

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2003-0962
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0962

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2004-0426
CVE STATUS: Patched
CVE SUMMARY: rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0426

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2004-0792
CVE STATUS: Patched
CVE SUMMARY: Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0792

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2006-2083
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2083

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2007-4091
CVE STATUS: Patched
CVE SUMMARY: Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4091

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2007-6199
CVE STATUS: Patched
CVE SUMMARY: rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6199

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2007-6200
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6200

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2008-1720
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1720

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2011-1097
CVE STATUS: Patched
CVE SUMMARY: rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1097

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2014-2855
CVE STATUS: Patched
CVE SUMMARY: The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2855

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2014-9512
CVE STATUS: Patched
CVE SUMMARY: rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9512

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2017-15994
CVE STATUS: Patched
CVE SUMMARY: rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15994

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2017-16548
CVE STATUS: Patched
CVE SUMMARY: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16548

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2017-17433
CVE STATUS: Patched
CVE SUMMARY: The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.7
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17433

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2017-17434
CVE STATUS: Patched
CVE SUMMARY: The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17434

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2018-5764
CVE STATUS: Patched
CVE SUMMARY: The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5764

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2020-14387
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 7.4
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14387

LAYER: meta
PACKAGE NAME: rsync
PACKAGE VERSION: 3.2.7
CVE: CVE-2022-29154
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.4
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29154

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.4
CVE: CVE-2005-1039
CVE STATUS: Patched
CVE SUMMARY: Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
CVSS v2 BASE SCORE: 3.7
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1039

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.4
CVE: CVE-2008-1946
CVE STATUS: Patched
CVE SUMMARY: The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1946

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.4
CVE: CVE-2009-4135
CVE STATUS: Patched
CVE SUMMARY: The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4135

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.4
CVE: CVE-2014-9471
CVE STATUS: Patched
CVE SUMMARY: The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9471

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.4
CVE: CVE-2015-1865
CVE STATUS: Patched
CVE SUMMARY: fts.c in coreutils 8.4 allows local users to delete arbitrary files.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 4.7
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1865

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.4
CVE: CVE-2015-4041
CVE STATUS: Patched
CVE SUMMARY: The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4041

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.4
CVE: CVE-2015-4042
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4042

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.4
CVE: CVE-2016-2781
CVE STATUS: Ignored
CVE DETAIL: disputed
CVE DESCRIPTION: runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue.
CVE SUMMARY: chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 6.5
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2781

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.4
CVE: CVE-2017-18018
CVE STATUS: Patched
CVE SUMMARY: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
CVSS v2 BASE SCORE: 1.9
CVSS v3 BASE SCORE: 4.7
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18018

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.4
CVE: CVE-2024-0684
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0684

LAYER: meta
PACKAGE NAME: zlib
PACKAGE VERSION: 1.3.1
CVE: CVE-2002-0059
CVE STATUS: Patched
CVE SUMMARY: The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0059

LAYER: meta
PACKAGE NAME: zlib
PACKAGE VERSION: 1.3.1
CVE: CVE-2003-0107
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0107

LAYER: meta
PACKAGE NAME: zlib
PACKAGE VERSION: 1.3.1
CVE: CVE-2004-0797
CVE STATUS: Patched
CVE SUMMARY: The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0797

LAYER: meta
PACKAGE NAME: zlib
PACKAGE VERSION: 1.3.1
CVE: CVE-2005-1849
CVE STATUS: Patched
CVE SUMMARY: inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1849

LAYER: meta
PACKAGE NAME: zlib
PACKAGE VERSION: 1.3.1
CVE: CVE-2005-2096
CVE STATUS: Patched
CVE SUMMARY: zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2096

LAYER: meta
PACKAGE NAME: zlib
PACKAGE VERSION: 1.3.1
CVE: CVE-2016-9840
CVE STATUS: Patched
CVE SUMMARY: inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9840

LAYER: meta
PACKAGE NAME: zlib
PACKAGE VERSION: 1.3.1
CVE: CVE-2016-9841
CVE STATUS: Patched
CVE SUMMARY: inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9841

LAYER: meta
PACKAGE NAME: zlib
PACKAGE VERSION: 1.3.1
CVE: CVE-2016-9842
CVE STATUS: Patched
CVE SUMMARY: The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9842

LAYER: meta
PACKAGE NAME: zlib
PACKAGE VERSION: 1.3.1
CVE: CVE-2016-9843
CVE STATUS: Patched
CVE SUMMARY: The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9843

LAYER: meta
PACKAGE NAME: zlib
PACKAGE VERSION: 1.3.1
CVE: CVE-2018-25032
CVE STATUS: Patched
CVE SUMMARY: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25032

LAYER: meta
PACKAGE NAME: zlib
PACKAGE VERSION: 1.3.1
CVE: CVE-2022-37434
CVE STATUS: Patched
CVE SUMMARY: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-37434

LAYER: meta
PACKAGE NAME: zlib
PACKAGE VERSION: 1.3.1
CVE: CVE-2023-45853
CVE STATUS: Ignored
CVE DETAIL: not-applicable-config
CVE DESCRIPTION: we don't build minizip
CVE SUMMARY: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45853

LAYER: meta
PACKAGE NAME: zlib
PACKAGE VERSION: 1.3.1
CVE: CVE-2023-6992
CVE STATUS: Ignored
CVE DETAIL: cpe-incorrect
CVE DESCRIPTION: this CVE is for cloudflare zlib
CVE SUMMARY: Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6992

LAYER: meta
PACKAGE NAME: dbus-glib
PACKAGE VERSION: 0.112
CVE: CVE-2010-1172
CVE STATUS: Patched
CVE SUMMARY: DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1172

LAYER: meta
PACKAGE NAME: dbus-glib
PACKAGE VERSION: 0.112
CVE: CVE-2013-0292
CVE STATUS: Patched
CVE SUMMARY: The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0292

LAYER: meta
PACKAGE NAME: gnutls
PACKAGE VERSION: 3.8.4
CVE: CVE-2004-2531
CVE STATUS: Patched
CVE SUMMARY: X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2531

LAYER: meta
PACKAGE NAME: gnutls
PACKAGE VERSION: 3.8.4
CVE: CVE-2005-1431
CVE STATUS: Patched
CVE SUMMARY: The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1431

LAYER: meta
PACKAGE NAME: gnutls
PACKAGE VERSION: 3.8.4
CVE: CVE-2006-4790
CVE STATUS: Patched
CVE SUMMARY: verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4790

LAYER: meta
PACKAGE NAME: gnutls
PACKAGE VERSION: 3.8.4
CVE: CVE-2006-7239
CVE STATUS: Patched
CVE SUMMARY: The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7239 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-1948 CVE STATUS: Patched CVE SUMMARY: The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1948 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-1949 CVE STATUS: Patched CVE SUMMARY: The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1949 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-1950 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1950 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-2377 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2377 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-4989 CVE STATUS: Patched CVE SUMMARY: The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4989 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-1415 CVE STATUS: Patched CVE SUMMARY: lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1415 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-1416 CVE STATUS: Patched CVE SUMMARY: lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1416 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-1417 CVE STATUS: Patched CVE SUMMARY: gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1417 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-2409 CVE STATUS: Patched CVE SUMMARY: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2409 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-2730 CVE STATUS: Patched CVE SUMMARY: libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2730 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-3555 CVE STATUS: Patched CVE SUMMARY: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3555 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-5138 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5138 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2010-0731 CVE STATUS: Patched CVE SUMMARY: The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0731 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2011-4128 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4128 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2012-0390 CVE STATUS: Patched CVE SUMMARY: The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0390 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2012-1569 CVE STATUS: Patched CVE SUMMARY: The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1569 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2012-1573 CVE STATUS: Patched CVE SUMMARY: gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1573 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2012-1663 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1663 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2013-1619 CVE STATUS: Patched CVE SUMMARY: The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1619 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2013-2116 CVE STATUS: Patched CVE SUMMARY: The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2116 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2013-4466 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4466 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2013-4487 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4487 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-0092 CVE STATUS: Patched CVE SUMMARY: lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0092 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-1959 CVE STATUS: Patched CVE SUMMARY: lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1959 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3465 CVE STATUS: Patched CVE SUMMARY: The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3465 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3466 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3466 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3467 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3467 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3468 CVE STATUS: Patched CVE SUMMARY: The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3468 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3469 CVE STATUS: Patched CVE SUMMARY: The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3469 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-8155 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8155 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-8564 CVE STATUS: Patched CVE SUMMARY: The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8564 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-0282 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0282 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-0294 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0294 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-3308 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3308 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-6251 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6251 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-8313 CVE STATUS: Patched CVE SUMMARY: GnuTLS incorrectly validates the first byte of padding in CBC modes CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8313 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2016-4456 CVE STATUS: Patched CVE SUMMARY: The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4456 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2016-7444 CVE STATUS: Patched CVE SUMMARY: The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7444 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-5334 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5334 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-5335 CVE STATUS: Patched CVE SUMMARY: The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5335 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-5336 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5336 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-5337 CVE STATUS: Patched CVE SUMMARY: Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5337 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-7507 CVE STATUS: Patched CVE SUMMARY: GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7507 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-7869 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7869 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2018-10844 CVE STATUS: Patched CVE SUMMARY: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. 
Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10844 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2018-10845 CVE STATUS: Patched CVE SUMMARY: It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10845 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2018-10846 CVE STATUS: Patched CVE SUMMARY: A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10846 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2018-16868 CVE STATUS: Patched CVE SUMMARY: A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. 
CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16868 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2019-3829 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3829 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2019-3836 CVE STATUS: Patched CVE SUMMARY: It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3836 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2020-11501 CVE STATUS: Patched CVE SUMMARY: GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11501 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2020-13777 CVE STATUS: Patched CVE SUMMARY: GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13777 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2020-24659 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24659 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2021-20231 CVE STATUS: Patched CVE SUMMARY: A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20231

LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2021-20232 CVE STATUS: Patched
CVE SUMMARY: A flaw was found in gnutls. A use-after-free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other consequences.
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20232

LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2021-4209 CVE STATUS: Patched
CVE SUMMARY: A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4209

LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2022-2509 CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in gnutls. The flaw is a double free that occurs during verification of PKCS#7 signatures in the gnutls_pkcs7_verify function.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2509

LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2023-0361 CVE STATUS: Patched
CVE SUMMARY: A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0361

LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2023-5981 CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5981

LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2024-0553 CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 was assigned because the fix for CVE-2023-5981 was incomplete.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0553

LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2024-0567 CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in GnuTLS, where Cockpit (which uses GnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0567

LAYER: meta PACKAGE NAME: seatd PACKAGE VERSION: 0.8.0 CVE: CVE-2021-41387 CVE STATUS: Patched
CVE SUMMARY: seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.
CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41387

LAYER: meta PACKAGE NAME: seatd PACKAGE VERSION: 0.8.0 CVE: CVE-2022-25643 CVE STATUS: Patched
CVE SUMMARY: seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25643

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2005-4807 CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4807

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2005-4808 CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.
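The three RSA timing entries above (CVE-2023-0361, CVE-2023-5981 and CVE-2024-0553) are instances of the Bleichenbacher oracle: a server whose work after RSA decryption depends on whether the PKCS#1 v1.5 padding was well-formed leaks one bit per ClientKeyExchange, and many such queries recover the premaster secret. The standard countermeasure (RFC 5246, section 7.4.7.1) is never to reject a ClientKeyExchange on bad padding, but to carry on with a random premaster secret chosen before decryption, so the handshake fails later at the Finished check, on the same path as any wrong guess. The following Python is an added example written for this page, not code from GnuTLS: it shows that control-flow shape on an already RSA-decrypted block, inspecting every byte, never returning early, and choosing between payload and fallback with a byte mask. Python cannot give real constant-time guarantees; in C the same structure would be mask-based throughout. The modulus length `k`, the 48-byte premaster length and the sample blocks are the example's own assumptions.

```python
import secrets

PREMASTER_LEN = 48  # TLS 1.2 premaster secret length (RFC 5246, section 8.1.1)


def ct_select(choose_a: int, a: bytes, b: bytes) -> bytes:
    """Return a when choose_a == 1 and b when choose_a == 0, selecting with a
    byte mask rather than a branch. Both inputs must have the same length."""
    assert len(a) == len(b) and choose_a in (0, 1)
    mask = -choose_a & 0xFF                      # 0xFF selects a, 0x00 selects b
    return bytes((x & mask) | (y & (mask ^ 0xFF)) for x, y in zip(a, b))


def unwrap_premaster(em: bytes, k: int, fallback: bytes) -> bytes:
    """Extract the premaster secret from an RSA-decrypted block EM of length k.

    Expected layout (PKCS#1 v1.5 type 2): 0x00 || 0x02 || PS || 0x00 || M,
    with PS at least 8 non-zero bytes and M exactly len(fallback) bytes.
    On any violation the caller receives `fallback` (a random premaster chosen
    before decryption) and must continue the handshake with it, so the failure
    surfaces only at the Finished message, exactly like a wrong key would.
    """
    n = len(fallback)
    good = 1
    good &= int(len(em) == k)
    # Normalise to k bytes so the loop below always does the same amount of work.
    em = (em + bytes(k))[:k]
    sep = k - n - 1                              # where the 0x00 separator must sit
    good &= int(sep >= 10)                       # room for 0x00 0x02 and >= 8 bytes of PS
    good &= int(em[0] == 0x00)
    good &= int(em[1] == 0x02)
    for i in range(2, k):
        before_sep = int(i < sep)
        at_sep = int(i == sep)
        is_zero = int(em[i] == 0)
        good &= 1 - (before_sep & is_zero)       # PS must not contain 0x00
        good &= 1 - (at_sep & (1 - is_zero))     # separator must be 0x00
    # Lengths are public, so branching on them leaks nothing about the padding.
    candidate = em[k - n:] if n <= k else bytes(n)
    return ct_select(good, candidate, fallback)


def encode_premaster(premaster: bytes, k: int) -> bytes:
    """Build a well-formed type 2 block (constructed input for the demo)."""
    ps_len = k - 3 - len(premaster)
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + premaster


def demo() -> tuple:
    """Good block, wrong type byte, and a 0x00 inside PS. Returns, for each,
    whether the real premaster (rather than the fallback) came back."""
    k = 128                                      # 1024-bit modulus, for the demo only
    premaster = b"\x03\x03" + bytes(range(46))   # client_version || 46 bytes
    fallback = secrets.token_bytes(PREMASTER_LEN)
    good = encode_premaster(premaster, k)
    bad_type = b"\x00\x01" + good[2:]
    zero_in_ps = good[:5] + b"\x00" + good[6:]
    return (
        unwrap_premaster(good, k, fallback) == premaster,
        unwrap_premaster(bad_type, k, fallback) == premaster,
        unwrap_premaster(zero_in_ps, k, fallback) == premaster,
    )


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The two RSA-PSK entries are a reminder that the countermeasure has to cover every code path that consumes the decrypted block: a second key exchange that takes a different route after decryption reopens the oracle even when the plain RSA path is fixed, which is why CVE-2024-0553 followed CVE-2023-5981.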
CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4808

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2006-2362 CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2362

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2012-3509 CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3509

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8484 CVE STATUS: Patched
CVE SUMMARY: The srec_scan function in bfd/srec.c in libbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8484

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8485 CVE STATUS: Patched
CVE SUMMARY: The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8485

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8501 CVE STATUS: Patched
CVE SUMMARY: The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8501

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8502 CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8502

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8503 CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8503

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8504 CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8504

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8737 CVE STATUS: Patched
CVE SUMMARY: Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
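CVE-2014-8737 above is a path-handling bug in the consumer of an archive: ar, strip and objcopy used member names as the archive supplied them, so a name containing a .. component or an absolute path placed the file outside the working directory. The check a practitioner wants before extracting any archive is the same whatever the container format: look at each member name and refuse anything absolute or containing a .. component. The Python below is an added example written for this page, not code from binutils. It is a minimal reader for the ar format ("!<arch>\n" magic, 60-byte member headers with a 16-byte name field, GNU-style names terminated by "/", and the "//" long-name table referenced as "/offset") that lists members and flags unsafe names. The archive it parses is constructed inline; the policy of rejecting rather than rewriting such names is the example's own choice.

```python
AR_MAGIC = b"!<arch>\n"
HEADER_LEN = 60


def _member(name: bytes, data: bytes) -> bytes:
    """Encode one ar member (constructed helper used only to build the sample)."""
    header = (name.ljust(16) + b"0".ljust(12) + b"0".ljust(6) + b"0".ljust(6)
              + b"100644".ljust(8) + str(len(data)).encode().ljust(10) + b"`\n")
    assert len(header) == HEADER_LEN
    return header + data + (b"\n" if len(data) % 2 else b"")   # members are 2-byte aligned


# Constructed sample: a GNU long-name table, two benign members and two
# members whose names would escape the extraction directory.
SAMPLE_ARCHIVE = AR_MAGIC + b"".join([
    _member(b"//", b"very_long_member_name.o/\n"),
    _member(b"hello.o/", b"\x7fELF"),
    _member(b"../evil/", b"x"),
    _member(b"/etc/passwd/", b"root::0:0::/:/bin/sh\n"),
    _member(b"/0", b"long"),                   # "/0": name at offset 0 of the table
])


def parse_ar(blob: bytes) -> list:
    """Return (name, data) pairs for the regular members of an ar archive."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    long_names = b""
    members = []
    while pos + HEADER_LEN <= len(blob):
        hdr = blob[pos:pos + HEADER_LEN]
        if hdr[58:60] != b"`\n":                  # header terminator
            raise ValueError(f"bad member header at offset {pos}")
        raw_name = hdr[0:16].rstrip(b" ")
        size = int(hdr[48:58].decode("ascii").strip())
        if size < 0:
            raise ValueError(f"negative member size at offset {pos}")
        data = blob[pos + HEADER_LEN:pos + HEADER_LEN + size]
        if len(data) != size:
            raise ValueError(f"truncated member at offset {pos}")
        pos += HEADER_LEN + size + (size & 1)
        if raw_name == b"/":                      # GNU symbol index, not a file
            continue
        if raw_name == b"//":                     # GNU long-name table
            long_names = data
            continue
        if raw_name.startswith(b"/") and raw_name[1:].isdigit():
            off = int(raw_name[1:])
            end = long_names.find(b"/\n", off)
            if end < 0:
                raise ValueError(f"bad long-name reference at offset {pos}")
            name = long_names[off:end]
        elif raw_name.endswith(b"/"):             # GNU style: name terminated by "/"
            name = raw_name[:-1]
        else:
            name = raw_name
        members.append((name.decode("utf-8", "replace"), data))
    return members


def is_unsafe_member_name(name: str) -> bool:
    """True for names that would resolve outside the extraction directory."""
    if name == "" or name.startswith("/"):
        return True
    return ".." in name.split("/")


def unsafe_member_names(blob: bytes) -> list:
    return [name for name, _ in parse_ar(blob) if is_unsafe_member_name(name)]


if __name__ == "__main__":
    for name, data in parse_ar(SAMPLE_ARCHIVE):
        verdict = "REJECT" if is_unsafe_member_name(name) else "ok"
        print(f"{verdict:6} {name!r} ({len(data)} bytes)")
```

Note that the check runs on the decoded name, after the long-name table has been consulted: a name that is harmless in the 16-byte field can still reference a traversal string in the table, so validating only the raw header field is not enough.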
CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8737

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-8738 CVE STATUS: Patched
CVE SUMMARY: The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8738

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2014-9939 CVE STATUS: Patched
CVE SUMMARY: ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9939

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12448 CVE STATUS: Patched
CVE SUMMARY: The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12448

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12449 CVE STATUS: Patched
CVE SUMMARY: The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12449

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12450 CVE STATUS: Patched
CVE SUMMARY: The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12450

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12451 CVE STATUS: Patched
CVE SUMMARY: The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12451

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12452 CVE STATUS: Patched
CVE SUMMARY: The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12452

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12453 CVE STATUS: Patched
CVE SUMMARY: The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12453

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12454 CVE STATUS: Patched
CVE SUMMARY: The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12454

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12455 CVE STATUS: Patched
CVE SUMMARY: The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12455

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12456 CVE STATUS: Patched
CVE SUMMARY: The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12456

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12457 CVE STATUS: Patched
CVE SUMMARY: The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12457

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12458 CVE STATUS: Patched
CVE SUMMARY: The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12458

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12459 CVE STATUS: Patched
CVE SUMMARY: The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12459

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12799 CVE STATUS: Patched
CVE SUMMARY: The elf_read_notes function in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12799

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-12967 CVE STATUS: Patched
CVE SUMMARY: The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12967

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-13710 CVE STATUS: Patched
CVE SUMMARY: The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13710

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-13716 CVE STATUS: Patched
CVE SUMMARY: The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13716

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-13757 CVE STATUS: Patched
CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13757

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14128 CVE STATUS: Patched
CVE SUMMARY: The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14128

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14129 CVE STATUS: Patched
CVE SUMMARY: The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14129

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14130 CVE STATUS: Patched
CVE SUMMARY: The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14130

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14333 CVE STATUS: Patched
CVE SUMMARY: The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14333

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14529 CVE STATUS: Patched
CVE SUMMARY: The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14529

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14729 CVE STATUS: Patched
CVE SUMMARY: The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14729

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14745 CVE STATUS: Patched
CVE SUMMARY: The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14745

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14930 CVE STATUS: Patched
CVE SUMMARY: Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14930

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14932 CVE STATUS: Patched
CVE SUMMARY: decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14932

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14933 CVE STATUS: Patched
CVE SUMMARY: read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14933

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14934 CVE STATUS: Patched
CVE SUMMARY: process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14934

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14938 CVE STATUS: Patched
CVE SUMMARY: _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14938

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14939 CVE STATUS: Patched
CVE SUMMARY: decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14939

LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14940 CVE STATUS: Patched
CVE SUMMARY: scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14940 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-14974 CVE STATUS: Patched CVE SUMMARY: The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14974 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15020 CVE STATUS: Patched CVE SUMMARY: dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15020 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15021 CVE STATUS: Patched CVE SUMMARY: bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15021 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15022 CVE STATUS: Patched CVE SUMMARY: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15022 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15023 CVE STATUS: Patched CVE SUMMARY: read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15023 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15024 CVE STATUS: Patched CVE SUMMARY: find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15024 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15025 CVE STATUS: Patched CVE SUMMARY: decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15025 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15225 CVE STATUS: Patched CVE SUMMARY: _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15225 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15938 CVE STATUS: Patched CVE SUMMARY: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15938
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15939 CVE STATUS: Patched CVE SUMMARY: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15939
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-15996 CVE STATUS: Patched CVE SUMMARY: elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15996
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16826 CVE STATUS: Patched CVE SUMMARY: The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16826
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16827 CVE STATUS: Patched CVE SUMMARY: The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16827
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16828 CVE STATUS: Patched CVE SUMMARY: The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16828
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16829 CVE STATUS: Patched CVE SUMMARY: The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16829
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16830 CVE STATUS: Patched CVE SUMMARY: The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16830
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16831 CVE STATUS: Patched CVE SUMMARY: coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16831
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-16832 CVE STATUS: Patched CVE SUMMARY: The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16832
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17080 CVE STATUS: Patched CVE SUMMARY: elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17080
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17121 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17121
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17122 CVE STATUS: Patched CVE SUMMARY: The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17122
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17123 CVE STATUS: Patched CVE SUMMARY: The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17123
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17124 CVE STATUS: Patched CVE SUMMARY: The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17124
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17125 CVE STATUS: Patched CVE SUMMARY: nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17125
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-17126 CVE STATUS: Patched CVE SUMMARY: The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17126
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-6965 CVE STATUS: Patched CVE SUMMARY: readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6965
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-6966 CVE STATUS: Patched CVE SUMMARY: readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6966
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-6969 CVE STATUS: Patched CVE SUMMARY: readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes.
It may lead to an information leak as well. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6969
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7209 CVE STATUS: Patched CVE SUMMARY: The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7209
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7210 CVE STATUS: Patched CVE SUMMARY: objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7210
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7223 CVE STATUS: Patched CVE SUMMARY: GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7223
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7224 CVE STATUS: Patched CVE SUMMARY: The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7224
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7225 CVE STATUS: Patched CVE SUMMARY: The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7225
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7226 CVE STATUS: Patched CVE SUMMARY: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7226
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7227 CVE STATUS: Patched CVE SUMMARY: GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7227
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7299 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7299
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7300 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7300
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7301 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7301
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7302 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7302
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7303 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7303
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7304 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7304
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-7614 CVE STATUS: Patched CVE SUMMARY: elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7614
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8392 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8392
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8393 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8393
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8394 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8394
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8395 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8395
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8396 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8396
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8397 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8397
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8398 CVE STATUS: Patched CVE SUMMARY: dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8398
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-8421 CVE STATUS: Patched CVE SUMMARY: The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this.
CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8421
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9038 CVE STATUS: Patched CVE SUMMARY: GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9038
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9039 CVE STATUS: Patched CVE SUMMARY: GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9039
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9040 CVE STATUS: Patched CVE SUMMARY: GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9040
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9041 CVE STATUS: Patched CVE SUMMARY: GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9041
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9042 CVE STATUS: Patched CVE SUMMARY: readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9042
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9043 CVE STATUS: Patched CVE SUMMARY: readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9043
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9044 CVE STATUS: Patched CVE SUMMARY: The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9044
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9742 CVE STATUS: Patched CVE SUMMARY: The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9742
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9743 CVE STATUS: Patched CVE SUMMARY: The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9743
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9744 CVE STATUS: Patched CVE SUMMARY: The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9744
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9745 CVE STATUS: Patched CVE SUMMARY: The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9745
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9746 CVE STATUS: Patched CVE SUMMARY: The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9746
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9747 CVE STATUS: Patched CVE SUMMARY: The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9747
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9748 CVE STATUS: Patched CVE SUMMARY: The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9748
LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9749 CVE STATUS: Patched CVE SUMMARY: The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9749 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9750 CVE STATUS: Patched CVE SUMMARY: opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9750 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9751 CVE STATUS: Patched CVE SUMMARY: opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9751 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9752 CVE STATUS: Patched CVE SUMMARY: bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during "objdump -D" execution. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9752 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9753 CVE STATUS: Patched CVE SUMMARY: The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9753 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9754 CVE STATUS: Patched CVE SUMMARY: The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9754 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9755 CVE STATUS: Patched CVE SUMMARY: opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9755 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9756 CVE STATUS: Patched CVE SUMMARY: The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9756 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9954 CVE STATUS: Patched CVE SUMMARY: The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9954 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2017-9955 CVE STATUS: Patched CVE SUMMARY: The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9955 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-1000876 CVE STATUS: Patched CVE SUMMARY: binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000876 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-10372 CVE STATUS: Patched CVE SUMMARY: process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10372 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-10373 CVE STATUS: Patched CVE SUMMARY: concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10373 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-10534 CVE STATUS: Patched CVE SUMMARY: The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10534 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-10535 CVE STATUS: Patched CVE SUMMARY: The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10535 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-12641 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12641 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-12697 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12697 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-12698 CVE STATUS: Patched CVE SUMMARY: demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12698 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-12699 CVE STATUS: Patched CVE SUMMARY: finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12699 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-12934 CVE STATUS: Patched CVE SUMMARY: remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12934 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-13033 CVE STATUS: Patched CVE SUMMARY: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13033 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-17358 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17358 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-17359 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17359 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-17360 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17360 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-17794 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17794 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-17985 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17985 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18309 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18309 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18483 CVE STATUS: Patched CVE SUMMARY: The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18483 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18484 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18484 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18605 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18605 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18606 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18606 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18607 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18607 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18700 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18700 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-18701 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18701 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-19931 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19931 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-19932 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19932 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20002 CVE STATUS: Patched CVE SUMMARY: The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20002 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20623 CVE STATUS: Patched CVE SUMMARY: In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20623 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20651 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. 
This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20651 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20657 CVE STATUS: Patched CVE SUMMARY: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20657 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20671 CVE STATUS: Patched CVE SUMMARY: load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20671 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20673 CVE STATUS: Patched CVE SUMMARY: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20673 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-20712 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20712 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-6323 CVE STATUS: Patched CVE SUMMARY: The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6323 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-6543 CVE STATUS: Patched CVE SUMMARY: In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6543 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-6759 CVE STATUS: Patched CVE SUMMARY: The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6759 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-6872 CVE STATUS: Patched CVE SUMMARY: The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6872 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-7208 CVE STATUS: Patched CVE SUMMARY: In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7208 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-7568 CVE STATUS: Patched CVE SUMMARY: The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7568 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-7569 CVE STATUS: Patched CVE SUMMARY: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7569 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-7570 CVE STATUS: Patched CVE SUMMARY: The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7570 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-7642 CVE STATUS: Patched CVE SUMMARY: The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7642 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-7643 CVE STATUS: Patched CVE SUMMARY: The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7643 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-8945 CVE STATUS: Patched CVE SUMMARY: The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8945 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-9138 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9138 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2018-9996 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9996 LAYER: meta PACKAGE NAME: binutils PACKAGE VERSION: 2.42 CVE: CVE-2019-1010204 CVE STATUS: Patched CVE SUMMARY: GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. 
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010204

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2019-12972
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12972

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2019-14250
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14250

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2019-14444
CVE STATUS: Patched
CVE SUMMARY: apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14444

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2019-17450
CVE STATUS: Patched
CVE SUMMARY: find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17450

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2019-17451
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17451

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2019-9070
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9070

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2019-9071
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9071

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2019-9072
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9072

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2019-9073
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9073

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2019-9074
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9074

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2019-9075
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9075

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2019-9076
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9076

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2019-9077
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9077

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-16590
CVE STATUS: Patched
CVE SUMMARY: A double free vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.35 in process_symbol_table, as demonstrated in readelf, via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16590

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-16591
CVE STATUS: Patched
CVE SUMMARY: A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) library in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readelf.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16591

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-16592
CVE STATUS: Patched
CVE SUMMARY: A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16592

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-16593
CVE STATUS: Patched
CVE SUMMARY: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16593

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-16599
CVE STATUS: Patched
CVE SUMMARY: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16599

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-19724
CVE STATUS: Patched
CVE SUMMARY: A memory consumption issue in the get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via a crafted command.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19724

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-19726
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data that allows attackers to read or write to system memory or cause a denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19726

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-21490
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in GNU Binutils 2.34. It is a memory leak when processing in microblaze-dis.c, which consumes memory on each instruction disassembled.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21490

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-35342
CVE STATUS: Patched
CVE SUMMARY: GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to cause an information leak.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35342

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-35448
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35448

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-35493
CVE STATUS: Patched
CVE SUMMARY: A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35493

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-35494
CVE STATUS: Patched
CVE SUMMARY: There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 6.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35494

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-35495
CVE STATUS: Patched
CVE SUMMARY: There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35495

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-35496
CVE STATUS: Patched
CVE SUMMARY: There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35496

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2020-35507
CVE STATUS: Patched
CVE SUMMARY: There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35507

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2021-20197
CVE STATUS: Patched
CVE SUMMARY: There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 6.3
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20197

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2021-20284
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not being calculated correctly. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20284

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2021-20294
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in the binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, an out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20294

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2021-32256
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32256

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2021-3530
CVE STATUS: Patched
CVE SUMMARY: A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3530

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2021-3549
CVE STATUS: Patched
CVE SUMMARY: An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 7.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3549

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2021-37322
CVE STATUS: Patched
CVE SUMMARY: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37322

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2021-45078
CVE STATUS: Patched
CVE SUMMARY: stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45078

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2021-46174
CVE STATUS: Patched
CVE SUMMARY: Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46174

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-35205
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-35205

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-35206
CVE STATUS: Patched
CVE SUMMARY: Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-35206

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-38533
CVE STATUS: Patched
CVE SUMMARY: In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-38533

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-4285
CVE STATUS: Patched
CVE SUMMARY: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4285

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-44840
CVE STATUS: Patched
CVE SUMMARY: Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44840

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-45703
CVE STATUS: Patched
CVE SUMMARY: Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-45703

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-47007
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in function stab_demangle_v3_arg in stabs.c in Binutils 2.34 through 2.38 that allows attackers to cause a denial of service due to memory leaks.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47007

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-47008
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in functions make_tempdir and make_tempname in bucomm.c in Binutils 2.34 through 2.38 that allows attackers to cause a denial of service due to memory leaks.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47008

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-47010
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in function pr_function_type in prdbg.c in Binutils 2.34 through 2.38 that allows attackers to cause a denial of service due to memory leaks.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47010

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-47011
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in function parse_stab_struct_fields in stabs.c in Binutils 2.34 through 2.38 that allows attackers to cause a denial of service due to memory leaks.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47011

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-47673
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Binutils addr2line before 2.39.3: function parse_module contains multiple out-of-bounds reads which may cause a denial of service or other unspecified impacts.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47673

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-47695
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in mach-o.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47695

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-47696
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47696

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-48063
CVE STATUS: Patched
CVE SUMMARY: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DoS attack.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48063

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-48064
CVE STATUS: Patched
CVE SUMMARY: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DoS attack.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48064

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2022-48065
CVE STATUS: Patched
CVE SUMMARY: GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48065

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2023-1579
CVE STATUS: Patched
CVE SUMMARY: Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1579

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2023-1972
CVE STATUS: Patched
CVE SUMMARY: A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1972

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2023-25584
CVE STATUS: Ignored
CVE DETAIL: cpe-incorrect
CVE DESCRIPTION: Applies only for version 2.40 and earlier
CVE SUMMARY: An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.1
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25584

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2023-25585
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25585

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2023-25586
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in Binutils. A logic failure in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25586

LAYER: meta
PACKAGE NAME: binutils
PACKAGE VERSION: 2.42
CVE: CVE-2023-25588
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in Binutils. The field `the_bfd` of the `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25588

LAYER: meta
PACKAGE NAME: libuv
PACKAGE VERSION: 1.48.0
CVE: CVE-2014-9748
CVE STATUS: Patched
CVE SUMMARY: The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9748

LAYER: meta
PACKAGE NAME: libuv
PACKAGE VERSION: 1.48.0
CVE: CVE-2015-0278
CVE STATUS: Patched
CVE SUMMARY: libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0278

LAYER: meta
PACKAGE NAME: libuv
PACKAGE VERSION: 1.48.0
CVE: CVE-2024-24806
CVE STATUS: Patched
CVE SUMMARY: libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`.
When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs. Websites (similar to MySpace) that allow users to have `username.example.com` pages are also affected: internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long, vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.3
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-24806

LAYER: meta
PACKAGE NAME: speex
PACKAGE VERSION: 1.2.1
CVE: CVE-2008-1686
CVE STATUS: Patched
CVE SUMMARY: Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1686

LAYER: meta
PACKAGE NAME: speex
PACKAGE VERSION: 1.2.1
CVE: CVE-2020-23903
CVE STATUS: Patched
CVE SUMMARY: A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-23903

LAYER: meta PACKAGE NAME: speex PACKAGE VERSION: 1.2.1 CVE: CVE-2020-23904 CVE STATUS: Patched
CVE SUMMARY: A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program."
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-23904

LAYER: meta PACKAGE NAME: boost PACKAGE VERSION: 1.84.0 CVE: CVE-2008-0171 CVE STATUS: Patched
CVE SUMMARY: regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0171

LAYER: meta PACKAGE NAME: boost PACKAGE VERSION: 1.84.0 CVE: CVE-2008-0172 CVE STATUS: Patched
CVE SUMMARY: The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0172

LAYER: meta PACKAGE NAME: boost PACKAGE VERSION: 1.84.0 CVE: CVE-2013-0252 CVE STATUS: Patched
CVE SUMMARY: boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0252

LAYER: meta PACKAGE NAME: lrzsz PACKAGE VERSION: 0.12.20 CVE: CVE-2018-10195 CVE STATUS: Patched
CVE SUMMARY: lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.
CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 7.1 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10195

LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2018-20532 CVE STATUS: Patched
CVE SUMMARY: There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20532

LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2018-20533 CVE STATUS: Patched
CVE SUMMARY: There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20533

LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2018-20534 CVE STATUS: Patched
CVE SUMMARY: There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue, stating that it affects the test suite and not the underlying library, and that it cannot be exploited in any real-world application.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20534

LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2019-20387 CVE STATUS: Patched
CVE SUMMARY: repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20387

LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2021-3200 CVE STATUS: Patched
CVE SUMMARY: Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver *testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp) function at src/testcase.c, line 2334, which could cause a denial of service.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3200

LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2021-33928 CVE STATUS: Patched
CVE SUMMARY: Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33928

LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2021-33929 CVE STATUS: Patched
CVE SUMMARY: Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33929

LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2021-33930 CVE STATUS: Patched
CVE SUMMARY: Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33930

LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2021-33938 CVE STATUS: Patched
CVE SUMMARY: Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33938

LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2021-44568 CVE STATUS: Patched
CVE SUMMARY: Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-44568

LAYER: meta-ros-common PACKAGE NAME: libyaml PACKAGE VERSION: 0.2.5 CVE: CVE-2013-6393 CVE STATUS: Patched
CVE SUMMARY: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6393

LAYER: meta-ros-common PACKAGE NAME: libyaml PACKAGE VERSION: 0.2.5 CVE: CVE-2014-2525 CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2525

LAYER: meta-ros-common PACKAGE NAME: libyaml PACKAGE VERSION: 0.2.5 CVE: CVE-2014-9130 CVE STATUS: Patched
CVE SUMMARY: scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9130

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2012-2806 CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2806

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2013-6629 CVE STATUS: Patched
CVE SUMMARY: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6629

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2014-9092 CVE STATUS: Patched
CVE SUMMARY: libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9092

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2016-3616 CVE STATUS: Patched
CVE SUMMARY: The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3616

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2017-15232 CVE STATUS: Patched
CVE SUMMARY: libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15232

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2017-9614 CVE STATUS: Patched
CVE SUMMARY: The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: the maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9614

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2018-1152 CVE STATUS: Patched
CVE SUMMARY: libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1152

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2018-14498 CVE STATUS: Patched
CVE SUMMARY: get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14498

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2018-19664 CVE STATUS: Patched
CVE SUMMARY: libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19664

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2018-20330 CVE STATUS: Patched
CVE SUMMARY: The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20330

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2019-13960 CVE STATUS: Patched
CVE SUMMARY: In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header.
NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13960

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2020-13790 CVE STATUS: Patched
CVE SUMMARY: libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13790

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2020-17541 CVE STATUS: Patched
CVE SUMMARY: All versions of libjpeg-turbo have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17541

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2020-35538 CVE STATUS: Patched
CVE SUMMARY: A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35538

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2021-20205 CVE STATUS: Patched
CVE SUMMARY: libjpeg-turbo versions 2.0.91 and 2.0.90 are vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20205

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2021-29390 CVE STATUS: Patched
CVE SUMMARY: libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29390

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2021-46822 CVE STATUS: Patched
CVE SUMMARY: The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46822

LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2023-2804 CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow issue was discovered in libjpeg-turbo in the h2v2_merged_upsample_internal() function of the jdmrgext.c file.
The vulnerability can only be exploited with 12-bit data precision, for which the range of the sample data type exceeds the valid sample range; hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such an image using merged upsampling would hit a segmentation fault or buffer overflow, causing the application to crash.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2804

LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2015-8947 CVE STATUS: Patched
CVE SUMMARY: hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8947

LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2015-9274 CVE STATUS: Patched
CVE SUMMARY: HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9274

LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2016-2052 CVE STATUS: Patched
CVE SUMMARY: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2052

LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2021-45931 CVE STATUS: Patched
CVE SUMMARY: HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t::set and hb_set_copy).
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45931

LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2022-33068 CVE STATUS: Patched
CVE SUMMARY: An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-33068

LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2023-25193 CVE STATUS: Patched
CVE SUMMARY: hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25193

LAYER: meta-tpm PACKAGE NAME: swtpm PACKAGE VERSION: 1_0.8.1 CVE: CVE-2020-28407 CVE STATUS: Patched
CVE SUMMARY: In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28407

LAYER: meta-tpm PACKAGE NAME: swtpm PACKAGE VERSION: 1_0.8.1 CVE: CVE-2022-23645 CVE STATUS: Patched
CVE SUMMARY: swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23645

LAYER: meta PACKAGE NAME: gpgme PACKAGE VERSION: 1.23.2 CVE: CVE-2007-1263 CVE STATUS: Patched
CVE SUMMARY: GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1263

LAYER: meta PACKAGE NAME: gpgme PACKAGE VERSION: 1.23.2 CVE: CVE-2014-3564 CVE STATUS: Patched
CVE SUMMARY: Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3564

LAYER: meta PACKAGE NAME: gpgme PACKAGE VERSION: 1.23.2 CVE: CVE-2020-8945 CVE STATUS: Patched
CVE SUMMARY: The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8945

LAYER: meta PACKAGE NAME: xdg-utils PACKAGE VERSION: 1.1.3 CVE: CVE-2008-0386 CVE STATUS: Patched
CVE SUMMARY: Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0386

LAYER: meta PACKAGE NAME: xdg-utils PACKAGE VERSION: 1.1.3 CVE: CVE-2009-0068 CVE STATUS: Patched
CVE SUMMARY: Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0068

LAYER: meta PACKAGE NAME: xdg-utils PACKAGE VERSION: 1.1.3 CVE: CVE-2014-9622 CVE STATUS: Patched
CVE SUMMARY: Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9622

LAYER: meta PACKAGE NAME: xdg-utils PACKAGE VERSION: 1.1.3 CVE: CVE-2015-1877 CVE STATUS: Patched
CVE SUMMARY: The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1877

LAYER: meta PACKAGE NAME: xdg-utils PACKAGE VERSION: 1.1.3 CVE: CVE-2017-18266 CVE STATUS: Patched
CVE SUMMARY: The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18266

LAYER: meta PACKAGE NAME: xdg-utils PACKAGE VERSION: 1.1.3 CVE: CVE-2020-27748 CVE STATUS: Patched
CVE SUMMARY: A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27748

LAYER: meta PACKAGE NAME: xdg-utils PACKAGE VERSION: 1.1.3 CVE: CVE-2022-4055 CVE STATUS: Patched
CVE SUMMARY: When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368.
An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4055

LAYER: meta PACKAGE NAME: libxpm PACKAGE VERSION: 1_3.5.17 CVE: CVE-2016-10164 CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10164

LAYER: meta PACKAGE NAME: libxpm PACKAGE VERSION: 1_3.5.17 CVE: CVE-2022-44617 CVE STATUS: Patched
CVE SUMMARY: A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44617

LAYER: meta PACKAGE NAME: libxpm PACKAGE VERSION: 1_3.5.17 CVE: CVE-2022-46285 CVE STATUS: Patched
CVE SUMMARY: A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46285

LAYER: meta PACKAGE NAME: libxpm PACKAGE VERSION: 1_3.5.17 CVE: CVE-2022-4883 CVE STATUS: Patched
CVE SUMMARY: A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4883

LAYER: meta PACKAGE NAME: libxpm PACKAGE VERSION: 1_3.5.17 CVE: CVE-2023-43788 CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43788

LAYER: meta PACKAGE NAME: libxpm PACKAGE VERSION: 1_3.5.17 CVE: CVE-2023-43789 CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in libXpm due to a boundary condition; a local user can trigger an out-of-bounds read error and read the contents of memory on the system.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43789

LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2008-4316 CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4316

LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2009-3289 CVE STATUS: Patched
CVE SUMMARY: The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3289

LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2012-0039 CVE STATUS: Patched
CVE SUMMARY: GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0039 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2018-16428 CVE STATUS: Patched CVE SUMMARY: In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16428 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2018-16429 CVE STATUS: Patched CVE SUMMARY: GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16429 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2019-12450 CVE STATUS: Patched CVE SUMMARY: file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12450 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2019-13012 CVE STATUS: Patched CVE SUMMARY: The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. 
Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13012 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2019-9633 CVE STATUS: Patched CVE SUMMARY: gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9633 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2020-35457 CVE STATUS: Patched CVE SUMMARY: GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35457 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2020-6750 CVE STATUS: Patched CVE SUMMARY: GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. 
This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-6750
LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2021-27218 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27218
LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2021-27219 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27219
LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2021-28153 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28153
LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2021-3800 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3800
LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-29499 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29499
LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-32611 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32611
LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-32636 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32636
LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-32643 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32643
LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-32665 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32665
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2009-0579 CVE STATUS: Patched CVE SUMMARY: Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0579
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2009-0887 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt. CVSS v2 BASE SCORE: 6.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0887
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-3316 CVE STATUS: Patched CVE SUMMARY: The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3316
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-3430 CVE STATUS: Patched CVE SUMMARY: The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435. CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3430
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-3431 CVE STATUS: Patched CVE SUMMARY: The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3431
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-3435 CVE STATUS: Patched CVE SUMMARY: The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3435
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-3853 CVE STATUS: Patched CVE SUMMARY: pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3853
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-4706 CVE STATUS: Patched CVE SUMMARY: The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4706
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-4707 CVE STATUS: Patched CVE SUMMARY: The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4707
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-4708 CVE STATUS: Patched CVE SUMMARY: The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4708
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2011-3148 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3148
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2011-3149 CVE STATUS: Patched CVE SUMMARY: The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3149
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2014-2583 CVE STATUS: Patched CVE SUMMARY: Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2583
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2015-3238 CVE STATUS: Patched CVE SUMMARY: The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3238
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2018-17953 CVE STATUS: Patched CVE SUMMARY: An incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17953
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2020-27780 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27780
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2022-28321 CVE STATUS: Patched CVE SUMMARY: The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28321
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2024-10041 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-10041
LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2024-22365 CVE STATUS: Patched CVE SUMMARY: linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-22365
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-3627 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3627
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-3628 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3628
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-3630 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3630
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-3631 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3631
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-4330 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4330
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-4331 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4331
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-4332 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4332
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-4333 CVE STATUS: Patched CVE SUMMARY: The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4333
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-4574 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4574
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-4805 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4805
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-5468 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5468
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-5469 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5469
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-5595 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5595
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2006-5740 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5740
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-0456 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0456
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-0457 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0457
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-0458 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0458
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-0459 CVE STATUS: Patched CVE SUMMARY: packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0459
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-3389 CVE STATUS: Patched CVE SUMMARY: Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3389
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-3390 CVE STATUS: Patched CVE SUMMARY: Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3390
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-3391 CVE STATUS: Patched CVE SUMMARY: Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3391
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-3392 CVE STATUS: Patched CVE SUMMARY: Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3392
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-3393 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3393
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6111 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6111
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6112 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the PPP dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6112
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6113 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6113
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6114 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6114
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6115 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6115
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6116 CVE STATUS: Patched CVE SUMMARY: The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6116
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6117 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6117
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6118 CVE STATUS: Patched CVE SUMMARY: The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6118
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6119 CVE STATUS: Patched CVE SUMMARY: The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWOR VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6119
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6120 CVE STATUS: Patched CVE SUMMARY: The Bluetooth SDP dissector in Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6120 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6121 CVE STATUS: Patched CVE SUMMARY: Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6121 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6438 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6438 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6439 CVE STATUS: Patched CVE SUMMARY: Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119. 
CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6439 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6441 CVE STATUS: Patched CVE SUMMARY: The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms." CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6441 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6450 CVE STATUS: Patched CVE SUMMARY: The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6450 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2007-6451 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6451 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-1070 CVE STATUS: Patched CVE SUMMARY: The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1070 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-1071 CVE STATUS: Patched CVE SUMMARY: The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1071 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-1072 CVE STATUS: Patched CVE SUMMARY: The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1072 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-1561 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1561 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-1562 CVE STATUS: Patched CVE SUMMARY: The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1562 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-1563 CVE STATUS: Patched CVE SUMMARY: The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1563 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3137 CVE STATUS: Patched CVE SUMMARY: The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3137 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3138 CVE STATUS: Patched CVE SUMMARY: The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3138 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3139 CVE STATUS: Patched CVE SUMMARY: The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3139 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3140 CVE STATUS: Patched CVE SUMMARY: The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3140 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3141 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. 
CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3141 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3145 CVE STATUS: Patched CVE SUMMARY: The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3145 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3146 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3146 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3932 CVE STATUS: Patched CVE SUMMARY: Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3932 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3933 CVE STATUS: Patched CVE SUMMARY: Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3933 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-3934 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3934 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-4680 CVE STATUS: Patched CVE SUMMARY: packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4680 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-4681 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4681 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-4682 CVE STATUS: Patched CVE SUMMARY: wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4682 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-4683 CVE STATUS: Patched CVE SUMMARY: The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4683 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-4684 CVE STATUS: Patched CVE SUMMARY: packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4684 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-4685 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4685 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-5285 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5285 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2008-6472 CVE STATUS: Patched CVE SUMMARY: The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6472 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-0599 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0599 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-0600 CVE STATUS: Patched CVE SUMMARY: Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0600 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-0601 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0601 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-1210 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1210 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-1266 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1266 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-1267 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1267 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-1268 CVE STATUS: Patched CVE SUMMARY: The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1268 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-1269 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1269 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-1829 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1829 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-2559 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2559 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-2560 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2560 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-2561 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2561 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-2562 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2562 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-2563 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2563 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3241 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3241 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3242 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3242 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3243 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3243 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3549 CVE STATUS: Patched CVE SUMMARY: packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3549 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3550 CVE STATUS: Patched CVE SUMMARY: The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3550 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3551 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3551 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-3829 CVE STATUS: Patched CVE SUMMARY: Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability." 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3829 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-4376 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4376 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-4377 CVE STATUS: Patched CVE SUMMARY: The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4377 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2009-4378 CVE STATUS: Patched CVE SUMMARY: The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime." 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4378 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-0304 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0304 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-1455 CVE STATUS: Patched CVE SUMMARY: The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1455 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2283 CVE STATUS: Patched CVE SUMMARY: The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. 
CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2283 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2284 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2284 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2285 CVE STATUS: Patched CVE SUMMARY: The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2285 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2286 CVE STATUS: Patched CVE SUMMARY: The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2286 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2287 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. 
CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2287 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2992 CVE STATUS: Patched CVE SUMMARY: packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2992 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2993 CVE STATUS: Patched CVE SUMMARY: The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2993 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2994 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2994 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-2995 CVE STATUS: Patched CVE SUMMARY: The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2995 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-3133 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3133 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-3445 CVE STATUS: Patched CVE SUMMARY: Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3445 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-4300 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4300 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-4301 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4301 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2010-4538 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4538 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-0024 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0024 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-0444 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0444 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-0445 CVE STATUS: Patched CVE SUMMARY: The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0445 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-0538 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0538 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-0713 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0713 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1138 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1138 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1139 CVE STATUS: Patched CVE SUMMARY: wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1139 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1140 CVE STATUS: Patched CVE SUMMARY: Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1140 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1141 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1141 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1142 CVE STATUS: Patched CVE SUMMARY: Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1142 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1143 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1143 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1590 CVE STATUS: Patched CVE SUMMARY: The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1590 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1591 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1591 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1592 CVE STATUS: Patched CVE SUMMARY: The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1592 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1956 CVE STATUS: Patched CVE SUMMARY: The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1956 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1957 CVE STATUS: Patched CVE SUMMARY: The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1957 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1958 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1958 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-1959 CVE STATUS: Patched CVE SUMMARY: The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1959 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-2174 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2174 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-2175 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2175 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-2597 CVE STATUS: Patched CVE SUMMARY: The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2597 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-2698 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2698 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-3266 CVE STATUS: Patched CVE SUMMARY: The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3266 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-3360 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3360 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-3482 CVE STATUS: Patched CVE SUMMARY: The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3482 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-3483 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3483 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-3484 CVE STATUS: Patched CVE SUMMARY: The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3484 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-4100 CVE STATUS: Patched CVE SUMMARY: The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4100 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-4101 CVE STATUS: Patched CVE SUMMARY: The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4101 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2011-4102 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4102 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-0041 CVE STATUS: Patched CVE SUMMARY: The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0041 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-0042 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0042 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-0043 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets. 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0043 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-0066 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0066 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-0067 CVE STATUS: Patched CVE SUMMARY: wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0067 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-0068 CVE STATUS: Patched CVE SUMMARY: The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0068 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-1593 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1593 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-1594 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1594 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-1595 CVE STATUS: Patched CVE SUMMARY: The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1595 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-1596 CVE STATUS: Patched CVE SUMMARY: The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1596 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-2392 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2392 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-2393 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation. 
CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2393
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-2394 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2394
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-3548 CVE STATUS: Patched CVE SUMMARY: The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3548
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-3825 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3825
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-3826 CVE STATUS: Patched CVE SUMMARY: Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3826
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4048 CVE STATUS: Patched CVE SUMMARY: The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4048
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4049 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4049
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4285 CVE STATUS: Patched CVE SUMMARY: The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4285
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4286 CVE STATUS: Patched CVE SUMMARY: The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4286
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4287 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4287
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4288 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4288
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4289 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4289
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4290 CVE STATUS: Patched CVE SUMMARY: The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4290
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4291 CVE STATUS: Patched CVE SUMMARY: The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4291
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4292 CVE STATUS: Patched CVE SUMMARY: The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4292
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4293 CVE STATUS: Patched CVE SUMMARY: plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4293
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4294 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4294
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4295 CVE STATUS: Patched CVE SUMMARY: Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4295
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4296 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4296
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4297 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4297
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-4298 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4298
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-5237 CVE STATUS: Patched CVE SUMMARY: The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5237
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-5238 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5238
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-5240 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5240
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6052 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6052
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6053 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6053
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6054 CVE STATUS: Patched CVE SUMMARY: The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6054
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6055 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6055
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6056 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6056
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6057 CVE STATUS: Patched CVE SUMMARY: The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6057
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6058 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6058
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6059 CVE STATUS: Patched CVE SUMMARY: The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6059
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6060 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6060
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6061 CVE STATUS: Patched CVE SUMMARY: The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in a packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6061
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2012-6062 CVE STATUS: Patched CVE SUMMARY: The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6062
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1572 CVE STATUS: Patched CVE SUMMARY: The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1572
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1573 CVE STATUS: Patched CVE SUMMARY: The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1573
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1574 CVE STATUS: Patched CVE SUMMARY: The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1574
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1575 CVE STATUS: Patched CVE SUMMARY: The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1575
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1576 CVE STATUS: Patched CVE SUMMARY: The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1576
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1577 CVE STATUS: Patched CVE SUMMARY: The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1577
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1578 CVE STATUS: Patched CVE SUMMARY: The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1578
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1579 CVE STATUS: Patched CVE SUMMARY: The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1579
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1580 CVE STATUS: Patched CVE SUMMARY: The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1580
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1581 CVE STATUS: Patched CVE SUMMARY: The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1581
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1582 CVE STATUS: Patched CVE SUMMARY: The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1582
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1583 CVE STATUS: Patched CVE SUMMARY: The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1583
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1584 CVE STATUS: Patched CVE SUMMARY: The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1584
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1585 CVE STATUS: Patched CVE SUMMARY: epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1585
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1586 CVE STATUS: Patched CVE SUMMARY: The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1586
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1587 CVE STATUS: Patched CVE SUMMARY: The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1587
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1588 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1588
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1589 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1589
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-1590 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1590
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2475 CVE STATUS: Patched CVE SUMMARY: The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2475
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2476 CVE STATUS: Patched CVE SUMMARY: The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2476
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2477 CVE STATUS: Patched CVE SUMMARY: The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2477
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2478 CVE STATUS: Patched CVE SUMMARY: The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2478
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2479 CVE STATUS: Patched CVE SUMMARY: The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2479
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2480 CVE STATUS: Patched CVE SUMMARY: The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2480
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2481 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2481
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2482 CVE STATUS: Patched CVE SUMMARY: The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2482
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2483 CVE STATUS: Patched CVE SUMMARY: The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2483
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2484 CVE STATUS: Patched CVE SUMMARY: The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2484
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2485 CVE STATUS: Patched CVE SUMMARY: The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2485
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2486 CVE STATUS: Patched CVE SUMMARY: The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2486
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2487 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2487
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-2488 CVE STATUS: Patched CVE SUMMARY: The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2488 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3555 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3555 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3556 CVE STATUS: Patched CVE SUMMARY: The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3556 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3557 CVE STATUS: Patched CVE SUMMARY: The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3557 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3558 CVE STATUS: Patched CVE SUMMARY: The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3558 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3559 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3559 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3560 CVE STATUS: Patched CVE SUMMARY: The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3560 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3561 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3561 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-3562 CVE STATUS: Patched CVE SUMMARY: Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3562 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4074 CVE STATUS: Patched CVE SUMMARY: The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4074 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4075 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4075 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4076 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4076 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4077 CVE STATUS: Patched CVE SUMMARY: Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4077 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4078 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4078 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4079 CVE STATUS: Patched CVE SUMMARY: The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4079 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4080 CVE STATUS: Patched CVE SUMMARY: The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4080 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4081 CVE STATUS: Patched CVE SUMMARY: The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4081 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4082 CVE STATUS: Patched CVE SUMMARY: The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4082 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4083 CVE STATUS: Patched CVE SUMMARY: The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4083 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4920 CVE STATUS: Patched CVE SUMMARY: The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4920 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4921 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4921 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4922 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4922 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4923 CVE STATUS: Patched CVE SUMMARY: Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4923 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4924 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4924 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4925 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4925 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4926 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4926 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4927 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4927 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4928 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4928 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4929 CVE STATUS: Patched CVE SUMMARY: The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4929 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4930 CVE STATUS: Patched CVE SUMMARY: The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4930 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4931 CVE STATUS: Patched CVE SUMMARY: epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4931 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4932 CVE STATUS: Patched CVE SUMMARY: Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4932 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4933 CVE STATUS: Patched CVE SUMMARY: The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4933 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4934 CVE STATUS: Patched CVE SUMMARY: The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4934 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4935 CVE STATUS: Patched CVE SUMMARY: The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4935 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-4936 CVE STATUS: Patched CVE SUMMARY: The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4936 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-5717 CVE STATUS: Patched CVE SUMMARY: The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5717 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-5718 CVE STATUS: Patched CVE SUMMARY: The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5718 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-5719 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5719 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-5720 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5720 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-5721 CVE STATUS: Patched CVE SUMMARY: The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5721 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-5722 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5722 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-6336 CVE STATUS: Patched CVE SUMMARY: The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6336 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-6337 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6337 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-6338 CVE STATUS: Patched CVE SUMMARY: The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6338 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-6339 CVE STATUS: Patched CVE SUMMARY: The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6339 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-6340 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6340 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-7112 CVE STATUS: Patched CVE SUMMARY: The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7112 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-7113 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7113 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2013-7114 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7114 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-2281 CVE STATUS: Patched CVE SUMMARY: The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2281 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-2282 CVE STATUS: Patched CVE SUMMARY: The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2282 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-2283 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2283 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-2299 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2299 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-2907 CVE STATUS: Patched CVE SUMMARY: The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2907 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-4020 CVE STATUS: Patched CVE SUMMARY: The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4020 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-4174 CVE STATUS: Patched CVE SUMMARY: wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4174 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-5161 CVE STATUS: Patched CVE SUMMARY: The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5161 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-5162 CVE STATUS: Patched CVE SUMMARY: The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5162 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-5163 CVE STATUS: Patched CVE SUMMARY: The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5163 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-5164 CVE STATUS: Patched CVE SUMMARY: The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5164 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-5165 CVE STATUS: Patched CVE SUMMARY: The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5165 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6421 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6421 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6422 CVE STATUS: Patched CVE SUMMARY: The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6422 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6423 CVE STATUS: Patched CVE SUMMARY: The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6423 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6424 CVE STATUS: Patched CVE SUMMARY: The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6424 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6425 CVE STATUS: Patched CVE SUMMARY: The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6425 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6426 CVE STATUS: Patched CVE SUMMARY: The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6426 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6427 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6427 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6428 CVE STATUS: Patched CVE SUMMARY: The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6428 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6429 CVE STATUS: Patched CVE SUMMARY: The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6429 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6430 CVE STATUS: Patched CVE SUMMARY: The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6430 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6431 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6431 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-6432 CVE STATUS: Patched CVE SUMMARY: The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6432 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-8710 CVE STATUS: Patched CVE SUMMARY: The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8710 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-8711 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8711 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-8712 CVE STATUS: Patched CVE SUMMARY: The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8712 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-8713 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8713 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2014-8714 CVE STATUS: Patched CVE SUMMARY: The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8714 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-0559 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0559 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-0560 CVE STATUS: Patched CVE SUMMARY: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0560 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-0561 CVE STATUS: Patched CVE SUMMARY: asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0561 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-0562 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0562 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-0563 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0563 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-0564 CVE STATUS: Patched CVE SUMMARY: Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0564 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-2187 CVE STATUS: Patched CVE SUMMARY: The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2187 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-2188 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2188 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-2189 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2189 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-2190 CVE STATUS: Patched CVE SUMMARY: epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2190 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-2191 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2191 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-2192 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2192 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3182 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3182 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3808 CVE STATUS: Patched CVE SUMMARY: The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3808 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3809 CVE STATUS: Patched CVE SUMMARY: The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3809 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3810 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3810 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3811 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3811 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3812 CVE STATUS: Patched CVE SUMMARY: Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3812 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3813 CVE STATUS: Patched CVE SUMMARY: The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3813 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3814 CVE STATUS: Patched CVE SUMMARY: The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3814 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3815 CVE STATUS: Patched CVE SUMMARY: The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3815 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-3906 CVE STATUS: Patched CVE SUMMARY: The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of \0 termination, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted message in a packet, a different vulnerability than CVE-2015-3815. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3906 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-4651 CVE STATUS: Patched CVE SUMMARY: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4651 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-4652 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4652 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6241 CVE STATUS: Patched CVE SUMMARY: The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6241 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6242 CVE STATUS: Patched CVE SUMMARY: The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6242 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6243 CVE STATUS: Patched CVE SUMMARY: The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6243 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6244 CVE STATUS: Patched CVE SUMMARY: The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6244 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6245 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6245 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6246 CVE STATUS: Patched CVE SUMMARY: The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6246 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6247 CVE STATUS: Patched CVE SUMMARY: The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6247 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6248 CVE STATUS: Patched CVE SUMMARY: The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6248 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2015-6249 CVE STATUS: Patched CVE SUMMARY: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6249

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-7830
CVE STATUS: Patched
CVE SUMMARY: The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7830

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8711
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8711

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8712
CVE STATUS: Patched
CVE SUMMARY: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8712

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8713
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8713

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8714
CVE STATUS: Patched
CVE SUMMARY: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8714

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8715
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8715

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8716
CVE STATUS: Patched
CVE SUMMARY: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8716

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8717
CVE STATUS: Patched
CVE SUMMARY: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8717

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8718
CVE STATUS: Patched
CVE SUMMARY: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8718

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8719
CVE STATUS: Patched
CVE SUMMARY: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8719

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8720
CVE STATUS: Patched
CVE SUMMARY: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8720

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8721
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8721

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8722
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8722

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8723
CVE STATUS: Patched
CVE SUMMARY: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8723

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8724
CVE STATUS: Patched
CVE SUMMARY: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8724

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8725
CVE STATUS: Patched
CVE SUMMARY: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8725

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8726
CVE STATUS: Patched
CVE SUMMARY: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8726

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8727
CVE STATUS: Patched
CVE SUMMARY: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8727

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8728
CVE STATUS: Patched
CVE SUMMARY: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8728

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8729
CVE STATUS: Patched
CVE SUMMARY: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8729

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8730
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8730

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8731
CVE STATUS: Patched
CVE SUMMARY: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8731

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8732
CVE STATUS: Patched
CVE SUMMARY: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8732

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8733
CVE STATUS: Patched
CVE SUMMARY: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8733

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8734
CVE STATUS: Patched
CVE SUMMARY: The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8734

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8735
CVE STATUS: Patched
CVE SUMMARY: The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8735

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8736
CVE STATUS: Patched
CVE SUMMARY: The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8736

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8737
CVE STATUS: Patched
CVE SUMMARY: The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8737

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8738
CVE STATUS: Patched
CVE SUMMARY: The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8738

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8739
CVE STATUS: Patched
CVE SUMMARY: The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8739

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8740
CVE STATUS: Patched
CVE SUMMARY: The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8740

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8741
CVE STATUS: Patched
CVE SUMMARY: The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8741

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2015-8742
CVE STATUS: Patched
CVE SUMMARY: The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8742

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-2521
CVE STATUS: Patched
CVE SUMMARY: Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2521

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-2522
CVE STATUS: Patched
CVE SUMMARY: The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2522

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-2523
CVE STATUS: Patched
CVE SUMMARY: The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2523

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-2524
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2524

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-2525
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2525

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-2526
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2526

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-2527
CVE STATUS: Patched
CVE SUMMARY: wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2527

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-2528
CVE STATUS: Patched
CVE SUMMARY: The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2528

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-2529
CVE STATUS: Patched
CVE SUMMARY: The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2529

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-2530
CVE STATUS: Patched
CVE SUMMARY: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2530

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-2531
CVE STATUS: Patched
CVE SUMMARY: Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2531

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-2532
CVE STATUS: Patched
CVE SUMMARY: The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2532

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-4006
CVE STATUS: Patched
CVE SUMMARY: epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4006

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-4076
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4076

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-4077
CVE STATUS: Patched
CVE SUMMARY: epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4077

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-4078
CVE STATUS: Patched
CVE SUMMARY: The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4078

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-4079
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4079

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-4080
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4080

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-4081
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4081

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-4082
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4082

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-4083
CVE STATUS: Patched
CVE SUMMARY: epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4083

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-4084
CVE STATUS: Patched
CVE SUMMARY: Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4084

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-4085
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4085

LAYER: meta-networking
PACKAGE NAME: wireshark
PACKAGE VERSION: 1_4.2.7
CVE: CVE-2016-4415
CVE STATUS: Patched
CVE SUMMARY: wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4415 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4416 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4416 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4417 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4417 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4418 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4418 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4419 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4419 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4420 CVE STATUS: Patched CVE SUMMARY: The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4420 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-4421 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4421 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5350 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5350 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5351 CVE STATUS: Patched CVE SUMMARY: epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5351 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5352 CVE STATUS: Patched CVE SUMMARY: epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5352 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5353 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5353 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5354 CVE STATUS: Patched CVE SUMMARY: The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5354 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5355 CVE STATUS: Patched CVE SUMMARY: wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5355 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5356 CVE STATUS: Patched CVE SUMMARY: wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5356 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5357 CVE STATUS: Patched CVE SUMMARY: wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5357 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5358 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5358 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-5359 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5359 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6503 CVE STATUS: Patched CVE SUMMARY: The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6503 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6504 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6504 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6505 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6505 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6506 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6506 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6507 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6507 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6508 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6508 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6509 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6509 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6510 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6510 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6511 CVE STATUS: Patched CVE SUMMARY: epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6511 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6512 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6512 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-6513 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6513 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7175 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7175 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7176 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7176 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7177 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7177 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7178 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7178 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7179 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7179 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7180 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7180 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7957 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7957 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-7958 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7958 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-9372 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9372 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-9373 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9373 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-9374 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9374 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-9375 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9375 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2016-9376 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9376 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-11406 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11406 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-11407 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11407 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-11408 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. 
This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11408 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-11409 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11409 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-11410 CVE STATUS: Patched CVE SUMMARY: In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11410 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-11411 CVE STATUS: Patched CVE SUMMARY: In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11411 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-13764 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13764 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-13765 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13765 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-13766 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13766 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-13767 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13767 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-15189 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15189 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-15190 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15190 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-15191 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15191 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-15192 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15192 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-15193 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15193 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-17083 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17083 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-17084 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17084 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-17085 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17085 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-17935 CVE STATUS: Patched CVE SUMMARY: The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17935 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-17997 CVE STATUS: Patched CVE SUMMARY: In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17997 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-5596 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5596 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-5597 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5597 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6014 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6014 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6467 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6467 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6468 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6468 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6469 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6469 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6470 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6470 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6471 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6471 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6472 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6472 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6473 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6473 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-6474 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6474 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7700 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7700 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7701 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7701 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7702 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7702 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7703 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7703 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7704 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7704 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7705 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7705 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7745 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7745 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7746 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7746 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7747 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7747 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-7748 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7748 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9343 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9343 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9344 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. 
This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9344 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9345 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9345 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9346 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9346 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9347 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9347 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9348 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9348 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9349 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9349 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9350 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9350 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9351 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9351 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9352 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9352 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9353 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9353 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9354 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9354 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9616 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9616 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9617 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9617 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2017-9766 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9766 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11354 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11354 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11355 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11355 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11356 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11356 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11357 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11357 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11358 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11358 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11359 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11359 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11360 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11360 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11361 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11361 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-11362 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11362 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14339 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14339 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14340 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. 
This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14340 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14341 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14341 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14342 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14342 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14343 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14343 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14344 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14344 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14367 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14367 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14368 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14368 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14369 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. 
This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14369 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14370 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14370 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-14438 CVE STATUS: Patched CVE SUMMARY: In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14438 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-16056 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16056
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-16057 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16057
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-16058 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16058
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-18225 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18225
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-18226 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18226
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-18227 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18227
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19622 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19622
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19623 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19623
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19624 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19624
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19625 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19625
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19626 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19626
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19627 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19627
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-19628 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19628
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-5334 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5334
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-5335 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5335
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-5336 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5336
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-6836 CVE STATUS: Patched CVE SUMMARY: The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6836
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7320 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7320
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7321 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7321
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7322 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7322
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7323 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7323
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7324 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7324
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7325 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7325
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7326 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7326
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7327 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7327
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7328 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7328
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7329 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7329
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7330 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7330
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7331 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7331
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7332 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7332
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7333 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7333
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7334 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7334
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7335 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7335
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7336 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7336
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7337 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7337
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7417 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7417
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7418 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7418
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7419 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7419
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7420 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7420
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-7421 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7421
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9256 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9256
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9257 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9257
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9258 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9258
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9259 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9259
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9260 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9260
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9261 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9261
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9262 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9262
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9263 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9263
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9264 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9264
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9265 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9265
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9266 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9266
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9267 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9267
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9268 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9268
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9269 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9269
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9270 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9270
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9271 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9271
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9272 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9272
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9273 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9273
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2018-9274 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9274
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10894 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10894
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10895 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10895
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10896 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10896
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10897 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10897
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10898 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10898
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10899 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10899
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10900 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10900
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10901 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10901
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10902 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10902
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-10903 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10903
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-12295 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12295
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-13619 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13619
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-16319 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16319
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-19553 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19553
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-5716 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5716
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-5717 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5717
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-5718 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5718
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-5719 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5719
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-5721 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5721
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-9208 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9208
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-9209 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9209
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2019-9214 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9214
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-11647 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11647
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-13164 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13164
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-15466 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15466
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-17498 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17498
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-25862 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25862 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-25863 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25863 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-25866 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25866 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-26418 CVE STATUS: Patched CVE SUMMARY: Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26418 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-26419 CVE STATUS: Patched CVE SUMMARY: Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26419 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-26420 CVE STATUS: Patched CVE SUMMARY: Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26420 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-26421 CVE STATUS: Patched CVE SUMMARY: Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26421 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-26422 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26422 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-26575 CVE STATUS: Patched CVE SUMMARY: In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26575 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-28030 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28030 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-7044 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7044 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-7045 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7045 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-9428 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9428 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-9429 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9429 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-9430 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9430 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-9431 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9431 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-22173 CVE STATUS: Patched CVE SUMMARY: Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22173 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-22174 CVE STATUS: Patched CVE SUMMARY: Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22174 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-22191 CVE STATUS: Patched CVE SUMMARY: Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22191 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-22207 CVE STATUS: Patched CVE SUMMARY: Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22207 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-22222 CVE STATUS: Patched CVE SUMMARY: Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22222 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-22235 CVE STATUS: Patched CVE SUMMARY: Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22235 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39920 CVE STATUS: Patched CVE SUMMARY: NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39920 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE 
VERSION: 1_4.2.7 CVE: CVE-2021-39921 CVE STATUS: Patched CVE SUMMARY: NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39921 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39922 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39922 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39923 CVE STATUS: Patched CVE SUMMARY: Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39923 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39924 CVE STATUS: Patched CVE SUMMARY: Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39924 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39925 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of 
service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39925 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39926 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39926 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39928 CVE STATUS: Patched CVE SUMMARY: NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39928 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-39929 CVE STATUS: Patched CVE SUMMARY: Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39929 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4181 CVE STATUS: Patched CVE SUMMARY: Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: 
https://nvd.nist.gov/vuln/detail/CVE-2021-4181 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4182 CVE STATUS: Patched CVE SUMMARY: Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4182 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4183 CVE STATUS: Patched CVE SUMMARY: Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4183 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4184 CVE STATUS: Patched CVE SUMMARY: Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4184 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4185 CVE STATUS: Patched CVE SUMMARY: Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4185 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4186 CVE STATUS: Patched CVE SUMMARY: Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or 
crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4186 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2021-4190 CVE STATUS: Patched CVE SUMMARY: Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4190 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-0581 CVE STATUS: Patched CVE SUMMARY: Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0581 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-0582 CVE STATUS: Patched CVE SUMMARY: Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0582 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-0583 CVE STATUS: Patched CVE SUMMARY: Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0583 LAYER: meta-networking PACKAGE 
NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-0585 CVE STATUS: Patched CVE SUMMARY: Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0585 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-0586 CVE STATUS: Patched CVE SUMMARY: Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0586 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-3190 CVE STATUS: Patched CVE SUMMARY: Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3190 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-3724 CVE STATUS: Patched CVE SUMMARY: Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3724 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-3725 CVE STATUS: Patched CVE SUMMARY: Crash in the OPUS protocol dissector in 
Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3725 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-4344 CVE STATUS: Patched CVE SUMMARY: Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4344 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2022-4345 CVE STATUS: Patched CVE SUMMARY: Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4345 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0411 CVE STATUS: Patched CVE SUMMARY: Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0411 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0412 CVE STATUS: Patched CVE SUMMARY: TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0412 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0413 CVE STATUS: Patched CVE SUMMARY: Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0413 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0414 CVE STATUS: Patched CVE SUMMARY: Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0414 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0415 CVE STATUS: Patched CVE SUMMARY: iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0415 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0416 CVE STATUS: Patched CVE SUMMARY: GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0416 LAYER: 
meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0417 CVE STATUS: Patched CVE SUMMARY: Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0417 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0666 CVE STATUS: Patched CVE SUMMARY: Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0666 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0667 CVE STATUS: Patched CVE SUMMARY: Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0667 LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-0668 CVE STATUS: Patched CVE SUMMARY: Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running 
Wireshark. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0668
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-1161 CVE STATUS: Patched CVE SUMMARY: ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1161
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-1992 CVE STATUS: Patched CVE SUMMARY: RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1992
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-1993 CVE STATUS: Patched CVE SUMMARY: LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1993
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-1994 CVE STATUS: Patched CVE SUMMARY: GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1994
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2854 CVE STATUS: Patched CVE SUMMARY: BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2854
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2855 CVE STATUS: Patched CVE SUMMARY: Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2855
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2856 CVE STATUS: Patched CVE SUMMARY: VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2856
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2857 CVE STATUS: Patched CVE SUMMARY: BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2857
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2858 CVE STATUS: Patched CVE SUMMARY: NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2858
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2879 CVE STATUS: Patched CVE SUMMARY: GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2879
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2906 CVE STATUS: Patched CVE SUMMARY: Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2906
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-2952 CVE STATUS: Patched CVE SUMMARY: XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2952
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-3648 CVE STATUS: Patched CVE SUMMARY: Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3648
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-3649 CVE STATUS: Patched CVE SUMMARY: iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3649
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-4511 CVE STATUS: Patched CVE SUMMARY: BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4511
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-4512 CVE STATUS: Patched CVE SUMMARY: CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4512
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-4513 CVE STATUS: Patched CVE SUMMARY: BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4513
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-5371 CVE STATUS: Patched CVE SUMMARY: RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5371
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2023-6174 CVE STATUS: Patched CVE SUMMARY: SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6174
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-0207 CVE STATUS: Patched CVE SUMMARY: HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0207
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-0208 CVE STATUS: Patched CVE SUMMARY: GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0208
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-0209 CVE STATUS: Patched CVE SUMMARY: IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0209
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-0210 CVE STATUS: Patched CVE SUMMARY: Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0210
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-0211 CVE STATUS: Patched CVE SUMMARY: DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0211
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-8250 CVE STATUS: Patched CVE SUMMARY: NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-8250
LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-9780 CVE STATUS: Patched CVE SUMMARY: ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-9780
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2005-4889 CVE STATUS: Patched CVE SUMMARY: lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4889
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2010-2059 CVE STATUS: Patched CVE SUMMARY: lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2059
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2010-2197 CVE STATUS: Patched CVE SUMMARY: rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2197
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2010-2198 CVE STATUS: Patched CVE SUMMARY: lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2198
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2010-2199 CVE STATUS: Patched CVE SUMMARY: lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2199
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2011-3378 CVE STATUS: Patched CVE SUMMARY: RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3378
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2012-0060 CVE STATUS: Patched CVE SUMMARY: RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0060
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2012-0061 CVE STATUS: Patched CVE SUMMARY: The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0061
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2012-0815 CVE STATUS: Patched CVE SUMMARY: The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0815
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2012-6088 CVE STATUS: Patched CVE SUMMARY: The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6088
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2013-6435 CVE STATUS: Patched CVE SUMMARY: Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6435
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2014-8118 CVE STATUS: Patched CVE SUMMARY: Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8118
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2017-7500 CVE STATUS: Patched CVE SUMMARY: It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7500
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2017-7501 CVE STATUS: Patched CVE SUMMARY: It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7501
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2021-20266 CVE STATUS: Patched CVE SUMMARY: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20266
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2021-20271 CVE STATUS: Patched CVE SUMMARY: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20271
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2021-3421 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3421
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2021-3521 CVE STATUS: Patched CVE SUMMARY: There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3521
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2021-35937 CVE STATUS: Patched CVE SUMMARY: A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.4 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-35937
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2021-35938 CVE STATUS: Patched CVE SUMMARY: A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-35938
LAYER: meta PACKAGE NAME: rpm PACKAGE VERSION: 1_4.19.1.1 CVE: CVE-2021-35939 CVE STATUS: Patched CVE SUMMARY: It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-35939
LAYER: meta PACKAGE NAME: gmp PACKAGE VERSION: 6.3.0 CVE: CVE-2021-43618 CVE STATUS: Patched CVE SUMMARY: GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43618
LAYER: meta-oe PACKAGE NAME: linuxptp PACKAGE VERSION: 4.1 CVE: CVE-2021-3570 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. CVSS v2 BASE SCORE: 8.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3570
LAYER: meta-oe PACKAGE NAME: linuxptp PACKAGE VERSION: 4.1 CVE: CVE-2021-3571 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1. CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3571
LAYER: meta-oe PACKAGE NAME: linuxptp PACKAGE VERSION: 4.1 CVE: CVE-2024-42861 CVE STATUS: Unpatched CVE SUMMARY: An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-42861
LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2020-15157 CVE STATUS: Patched CVE SUMMARY: In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15157
LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2020-15257 CVE STATUS: Patched CVE SUMMARY: containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the "host" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 5.2 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15257
LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2021-21334 CVE STATUS: Patched CVE SUMMARY: In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21334
LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2021-32760 CVE STATUS: Patched CVE SUMMARY: containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32760
LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2021-41103 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 5.9 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41103
LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2021-43816 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43816
LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2022-23471 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23471
LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2022-23648 CVE STATUS: Patched CVE SUMMARY: containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23648
LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2022-31030 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-31030
LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2023-25153 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25153
LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v2.0.0-beta.0+git CVE: CVE-2023-25173 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime.
A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25173 LAYER: meta PACKAGE NAME: base-files PACKAGE VERSION: 3.0.14 CVE: CVE-2018-6557 CVE STATUS: Patched CVE SUMMARY: The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled. 
CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6557 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2006-4447 CVE STATUS: Patched CVE SUMMARY: X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4447 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2007-4730 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4730 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2007-6427 CVE STATUS: Patched CVE SUMMARY: The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6427 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2011-4028 CVE STATUS: Patched CVE SUMMARY: The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4028 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2011-4029 CVE STATUS: Patched CVE SUMMARY: The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4029 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2011-4613 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: This is specific to Debian's xserver-wrapper.c CVE SUMMARY: The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4613 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2014-8091 CVE STATUS: Patched CVE SUMMARY: X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8091 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2014-8092 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write. 
CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8092 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2014-8093 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8093 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2014-8094 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write. 
CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8094 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2014-8095 CVE STATUS: Patched CVE SUMMARY: The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8095 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2014-8096 CVE STATUS: Patched CVE SUMMARY: The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value. 
CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8096 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2014-8097 CVE STATUS: Patched CVE SUMMARY: The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8097 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2014-8098 CVE STATUS: Patched CVE SUMMARY: The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) 
__glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8098 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2014-8099 CVE STATUS: Patched CVE SUMMARY: The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function. 
CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8099 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2014-8100 CVE STATUS: Patched CVE SUMMARY: The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8100 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2014-8101 CVE STATUS: Patched CVE SUMMARY: The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function. 
CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8101 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2014-8102 CVE STATUS: Patched CVE SUMMARY: The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8102 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2014-8103 CVE STATUS: Patched CVE SUMMARY: X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension. 
CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8103 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2015-0255 CVE STATUS: Patched CVE SUMMARY: X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0255 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2015-3164 CVE STATUS: Patched CVE SUMMARY: The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3164 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2015-3418 CVE STATUS: Patched CVE SUMMARY: The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3418 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-10971 CVE STATUS: Patched CVE SUMMARY: In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10971 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-10972 CVE STATUS: Patched CVE SUMMARY: Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10972 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-12176 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12176 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-12177 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12177 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-12178 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12178 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-12179 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12179 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-12180 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12180 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-12181 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12181 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-12182 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12182 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-12183 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12183 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-12184 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12184 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-12185 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12185 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-12186 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12186 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-12187 CVE STATUS: Patched CVE SUMMARY: xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12187 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-13721 CVE STATUS: Patched CVE SUMMARY: In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. 
CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13721 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-13723 CVE STATUS: Patched CVE SUMMARY: In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13723 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2017-2624 CVE STATUS: Patched CVE SUMMARY: It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2624 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2018-14665 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. 
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14665 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2019-17624 CVE STATUS: Patched CVE SUMMARY: "" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17624 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2020-14345 CVE STATUS: Patched CVE SUMMARY: A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14345 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2020-14346 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14346 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2020-14347 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14347 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2020-14360 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14360 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2020-14361 CVE STATUS: Patched CVE SUMMARY: A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14361 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2020-14362 CVE STATUS: Patched CVE SUMMARY: A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14362 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2020-25697 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: As per upstream, exploiting this flaw is non-trivial and it requires exact timing on the behalf of the attacker. Many graphical applications exit if their connection to the X server is lost, so a typical desktop session is either impossible or difficult to exploit. There is currently no upstream patch available for this flaw. CVE SUMMARY: A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25697 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2020-25712 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25712 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2021-3472 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3472 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2021-4008 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4008 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2021-4009 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4009 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2021-4010 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4010 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2021-4011 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4011 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2022-2319 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2319 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2022-2320 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. 
The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2320 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2022-3550 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3550 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2022-3551 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3551 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2022-3553 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: This is specific to XQuartz, which is the macOS X server port CVE SUMMARY: A vulnerability, which was classified as problematic, was found in X.org Server. 
This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3553 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2022-4283 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4283 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2022-46340 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46340 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2022-46341 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46341 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2022-46342 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46342 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2022-46343 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46343 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2022-46344 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46344 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2023-0494 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0494 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2023-1393 CVE STATUS: Patched CVE SUMMARY: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1393 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2023-5367 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5367 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2023-5380 CVE STATUS: Patched CVE SUMMARY: A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5380 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2023-5574 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: specific to Xvfb CVE SUMMARY: A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). 
If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5574 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2023-6377 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6377 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2023-6478 CVE STATUS: Patched CVE SUMMARY: A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6478 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2023-6816 CVE STATUS: Patched CVE SUMMARY: A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6816 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2024-0229 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0229 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2024-0408 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0408 LAYER: meta PACKAGE NAME: xserver-xorg PACKAGE VERSION: 2_21.1.13 CVE: CVE-2024-0409 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0409 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2007-1351 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1351 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2007-1352 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. CVSS v2 BASE SCORE: 3.8 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:S/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1352 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2007-5199 CVE STATUS: Patched CVE SUMMARY: A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5199 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2011-2895 CVE STATUS: Patched CVE SUMMARY: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2895 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2013-6462 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6462 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2014-0209 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0209 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2014-0210 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0210 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2014-0211 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0211 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2015-1802 CVE STATUS: Patched CVE SUMMARY: The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1802 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2015-1803 CVE STATUS: Patched CVE SUMMARY: The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1803 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2015-1804 CVE STATUS: Patched CVE SUMMARY: The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. 
CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1804 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2017-13720 CVE STATUS: Patched CVE SUMMARY: In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 7.1 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13720 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2017-13722 CVE STATUS: Patched CVE SUMMARY: In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 7.1 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13722 LAYER: meta PACKAGE NAME: libxfont2 PACKAGE VERSION: 2.0.6 CVE: CVE-2017-16611 CVE STATUS: Patched CVE SUMMARY: In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. 
CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16611 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2006-2288 CVE STATUS: Patched CVE SUMMARY: Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2288 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2006-2289 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2289 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2006-5461 CVE STATUS: Patched CVE SUMMARY: Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5461 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2006-6870 CVE STATUS: Patched CVE SUMMARY: The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6870 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2007-3372 CVE STATUS: Patched CVE SUMMARY: The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3372 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2008-5081 CVE STATUS: Patched CVE SUMMARY: The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5081 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2010-2244 CVE STATUS: Patched CVE SUMMARY: The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. 
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2244

LAYER: meta
PACKAGE NAME: avahi
PACKAGE VERSION: 0.8
CVE: CVE-2011-1002
CVE STATUS: Patched
CVE SUMMARY: avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1002

LAYER: meta
PACKAGE NAME: avahi
PACKAGE VERSION: 0.8
CVE: CVE-2017-6519
CVE STATUS: Patched
CVE SUMMARY: avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 9.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6519

LAYER: meta
PACKAGE NAME: avahi
PACKAGE VERSION: 0.8
CVE: CVE-2021-26720
CVE STATUS: Ignored
CVE DETAIL: not-applicable-platform
CVE DESCRIPTION: Issue only affects Debian/SUSE
CVE SUMMARY: avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-26720

LAYER: meta
PACKAGE NAME: avahi
PACKAGE VERSION: 0.8
CVE: CVE-2021-3468
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3468

LAYER: meta
PACKAGE NAME: avahi
PACKAGE VERSION: 0.8
CVE: CVE-2021-3502
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3502

LAYER: meta
PACKAGE NAME: avahi
PACKAGE VERSION: 0.8
CVE: CVE-2023-1981
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1981

LAYER: meta
PACKAGE NAME: avahi
PACKAGE VERSION: 0.8
CVE: CVE-2023-38469
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38469

LAYER: meta
PACKAGE NAME: avahi
PACKAGE VERSION: 0.8
CVE: CVE-2023-38470
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38470

LAYER: meta
PACKAGE NAME: avahi
PACKAGE VERSION: 0.8
CVE: CVE-2023-38471
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38471

LAYER: meta
PACKAGE NAME: avahi
PACKAGE VERSION: 0.8
CVE: CVE-2023-38472
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38472

LAYER: meta
PACKAGE NAME: avahi
PACKAGE VERSION: 0.8
CVE: CVE-2023-38473
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38473

LAYER: meta
PACKAGE NAME: libice
PACKAGE VERSION: 1_1.1.1
CVE: CVE-2017-2626
CVE STATUS: Patched
CVE SUMMARY: It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2626

LAYER: meta
PACKAGE NAME: xinetd
PACKAGE VERSION: 2.3.15.4
CVE: CVE-2000-0536
CVE STATUS: Patched
CVE SUMMARY: xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0536

LAYER: meta
PACKAGE NAME: xinetd
PACKAGE VERSION: 2.3.15.4
CVE: CVE-2001-0825
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0825

LAYER: meta
PACKAGE NAME: xinetd
PACKAGE VERSION: 2.3.15.4
CVE: CVE-2001-1322
CVE STATUS: Patched
CVE SUMMARY: xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1322

LAYER: meta
PACKAGE NAME: xinetd
PACKAGE VERSION: 2.3.15.4
CVE: CVE-2001-1389
CVE STATUS: Patched
CVE SUMMARY: Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1389

LAYER: meta
PACKAGE NAME: xinetd
PACKAGE VERSION: 2.3.15.4
CVE: CVE-2002-0871
CVE STATUS: Patched
CVE SUMMARY: xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0871

LAYER: meta
PACKAGE NAME: xinetd
PACKAGE VERSION: 2.3.15.4
CVE: CVE-2003-0211
CVE STATUS: Patched
CVE SUMMARY: Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0211

LAYER: meta
PACKAGE NAME: xinetd
PACKAGE VERSION: 2.3.15.4
CVE: CVE-2012-0862
CVE STATUS: Patched
CVE SUMMARY: builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0862

LAYER: meta
PACKAGE NAME: xinetd
PACKAGE VERSION: 2.3.15.4
CVE: CVE-2013-4342
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Fixed directly in git tree revision
CVE SUMMARY: xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.
CVSS v2 BASE SCORE: 7.6
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4342

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2002-1602
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1602

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2003-0972
CVE STATUS: Patched
CVE SUMMARY: Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0972

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2006-4573
CVE STATUS: Patched
CVE SUMMARY: Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.
CVSS v2 BASE SCORE: 2.6
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4573

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2007-3048
CVE STATUS: Patched
CVE SUMMARY: GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3048

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2009-1214
CVE STATUS: Patched
CVE SUMMARY: GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
CVSS v2 BASE SCORE: 4.9
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1214

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2017-5618
CVE STATUS: Patched
CVE SUMMARY: GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5618

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2020-9366
CVE STATUS: Patched
CVE SUMMARY: A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9366

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2021-26937
CVE STATUS: Patched
CVE SUMMARY: encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-26937

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2023-24626
CVE STATUS: Patched
CVE SUMMARY: socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24626

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2004-0803
CVE STATUS: Patched
CVE SUMMARY: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0803

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2004-0804
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0804

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2004-0886
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0886

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2004-0929
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0929

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2004-1183
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1183

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2004-1307
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1307

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2004-1308
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1308

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2005-1544
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1544

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2005-2452
CVE STATUS: Patched
CVE SUMMARY: libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2452

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-0405
CVE STATUS: Patched
CVE SUMMARY: The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0405

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-2024
CVE STATUS: Patched
CVE SUMMARY: Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2024

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-2025
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2025

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-2026
CVE STATUS: Patched
CVE SUMMARY: Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2026

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-2120
CVE STATUS: Patched
CVE SUMMARY: The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2120

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-2193
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2193

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-2656
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2656

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-3459
CVE STATUS: Patched
CVE SUMMARY: Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3459

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-3460
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3460

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-3461
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3461

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-3462
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3462

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-3463
CVE STATUS: Patched
CVE SUMMARY: The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3463

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-3464
CVE STATUS: Patched
CVE SUMMARY: TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3464

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2006-3465
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3465

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2008-2327
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2327

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2009-2285
CVE STATUS: Patched
CVE SUMMARY: Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2285

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2009-2347
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2347

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2009-5022
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5022

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2010-2065
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2065

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2010-2067
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2067

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2010-2233
CVE STATUS: Patched
CVE SUMMARY: tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2233

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2010-2443
CVE STATUS: Patched
CVE SUMMARY: The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2443

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2010-2481
CVE STATUS: Patched
CVE SUMMARY: The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2481

LAYER: meta
PACKAGE NAME: tiff
PACKAGE VERSION: 4.6.0
CVE: CVE-2010-2482
CVE STATUS: Patched
CVE SUMMARY: LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2482 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2483 CVE STATUS: Patched CVE SUMMARY: The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2483 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2595 CVE STATUS: Patched CVE SUMMARY: The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2595 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2596 CVE STATUS: Patched CVE SUMMARY: The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2596 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2597 CVE STATUS: Patched CVE SUMMARY: The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2597 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2630 CVE STATUS: Patched CVE SUMMARY: The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2630 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-2631 CVE STATUS: Patched CVE SUMMARY: LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2631 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-3087 CVE STATUS: Patched CVE SUMMARY: LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3087 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2010-4665 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4665 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2011-1167 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1167 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-1173 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1173 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-2088 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2088 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-2113 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2113 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-3401 CVE STATUS: Patched CVE SUMMARY: The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3401 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-4447 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4447 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-4564 CVE STATUS: Patched CVE SUMMARY: ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4564 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2012-5581 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5581 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2013-1960 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1960 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2013-1961 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1961 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2013-4231 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4231 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2013-4232 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4232 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2013-4243 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4243 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2013-4244 CVE STATUS: Patched CVE SUMMARY: The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4244 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2014-8127 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8127 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2014-8128 CVE STATUS: Patched CVE SUMMARY: LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8128 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2014-8129 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8129 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2014-8130 CVE STATUS: Patched CVE SUMMARY: The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8130 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2014-9330 CVE STATUS: Patched CVE SUMMARY: Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9330 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2014-9655 CVE STATUS: Patched CVE SUMMARY: The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9655 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-1547 CVE STATUS: Patched CVE SUMMARY: The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1547 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-7313 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue CVE SUMMARY: LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7313 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-7554 CVE STATUS: Patched CVE SUMMARY: The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7554 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8665 CVE STATUS: Patched CVE SUMMARY: tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8665 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8668 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8668 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8683 CVE STATUS: Patched CVE SUMMARY: The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8683 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8781 CVE STATUS: Patched CVE SUMMARY: tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8781 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8782 CVE STATUS: Patched CVE SUMMARY: tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8782 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8783 CVE STATUS: Patched CVE SUMMARY: tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8783 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8784 CVE STATUS: Patched CVE SUMMARY: The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8784 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2015-8870 CVE STATUS: Patched CVE SUMMARY: Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8870 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10092 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10092 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10093 CVE STATUS: Patched CVE SUMMARY: Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10093 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10094 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10094 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10095 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10095 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10266 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10266 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10267 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10267 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10268 CVE STATUS: Patched CVE SUMMARY: tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10268 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10269 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10269 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10270 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10270 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10271 CVE STATUS: Patched CVE SUMMARY: tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10271 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10272 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10272 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-10371 CVE STATUS: Patched CVE SUMMARY: The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10371 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3186 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 6.2 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3186 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3619 CVE STATUS: Patched CVE SUMMARY: The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3619 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3620 CVE STATUS: Patched CVE SUMMARY: The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3620 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3621 CVE STATUS: Patched CVE SUMMARY: The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3621 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3622 CVE STATUS: Patched CVE SUMMARY: The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3622
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3623 CVE STATUS: Patched CVE SUMMARY: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3623
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3624 CVE STATUS: Patched CVE SUMMARY: The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3624
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3625 CVE STATUS: Patched CVE SUMMARY: tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3625
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3631 CVE STATUS: Patched CVE SUMMARY: The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3631
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3632 CVE STATUS: Patched CVE SUMMARY: The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3632
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3633 CVE STATUS: Patched CVE SUMMARY: The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3633
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3634 CVE STATUS: Patched CVE SUMMARY: The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3634
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3658 CVE STATUS: Patched CVE SUMMARY: The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3658
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3945 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3945
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3990 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3990
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-3991 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3991
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5102 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5102
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5314 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5314
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5315 CVE STATUS: Patched CVE SUMMARY: The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5315
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5316 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5316
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5317 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5317
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5318 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5318
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5319 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5319
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5321 CVE STATUS: Patched CVE SUMMARY: The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5321
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5322 CVE STATUS: Patched CVE SUMMARY: The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5322
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5323 CVE STATUS: Patched CVE SUMMARY: The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5323
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-5652 CVE STATUS: Patched CVE SUMMARY: An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5652
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-6223 CVE STATUS: Patched CVE SUMMARY: The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allow remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6223
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-8331 CVE STATUS: Patched CVE SUMMARY: An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8331
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9273 CVE STATUS: Patched CVE SUMMARY: tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9273
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9297 CVE STATUS: Patched CVE SUMMARY: The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9297
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9448 CVE STATUS: Patched CVE SUMMARY: The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9448
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9453 CVE STATUS: Patched CVE SUMMARY: The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9453
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9532 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9532
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9533 CVE STATUS: Patched CVE SUMMARY: tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9533
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9534 CVE STATUS: Patched CVE SUMMARY: tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9534
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9535 CVE STATUS: Patched CVE SUMMARY: tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9535
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9536 CVE STATUS: Patched CVE SUMMARY: tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9536
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9537 CVE STATUS: Patched CVE SUMMARY: tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9537
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9538 CVE STATUS: Patched CVE SUMMARY: tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9538
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9539 CVE STATUS: Patched CVE SUMMARY: tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9539
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2016-9540 CVE STATUS: Patched CVE SUMMARY: tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9540
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-10688 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.8, there is an assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10688
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-11335 CVE STATUS: Patched CVE SUMMARY: There is a heap-based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11335
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-11613 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11613
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-12944 CVE STATUS: Patched CVE SUMMARY: The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12944
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-13726 CVE STATUS: Patched CVE SUMMARY: There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13726
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-13727 CVE STATUS: Patched CVE SUMMARY: There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13727
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-16232 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16232
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-17095 CVE STATUS: Patched CVE SUMMARY: tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17095
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-17942 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17942
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-17973 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17973
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-18013 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18013
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-5225 CVE STATUS: Patched CVE SUMMARY: LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5225
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-5563 CVE STATUS: Patched CVE SUMMARY: LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5563
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7592 CVE STATUS: Patched CVE SUMMARY: The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7592
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7593 CVE STATUS: Patched CVE SUMMARY: tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7593
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7594 CVE STATUS: Patched CVE SUMMARY: The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7594
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7595 CVE STATUS: Patched CVE SUMMARY: The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7595
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7596 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7596
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7597 CVE STATUS: Patched CVE SUMMARY: tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7597
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7598 CVE STATUS: Patched CVE SUMMARY: tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7598
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7599 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7599
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7600 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7600
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7601 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7601
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-7602 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7602
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9117 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9117
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9147 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9147
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9403 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9403
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9404 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9404
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9815 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9815
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9935 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9935
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9936 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9936
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2017-9937 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9937
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-10126 CVE STATUS: Patched CVE SUMMARY: ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10126
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-10779 CVE STATUS: Patched CVE SUMMARY: TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10779
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-10801 CVE STATUS: Patched CVE SUMMARY: TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10801
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-10963 CVE STATUS: Patched CVE SUMMARY: The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10963
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-12900 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12900
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-15209 CVE STATUS: Patched CVE SUMMARY: ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15209
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-16335 CVE STATUS: Patched CVE SUMMARY: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16335
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-17000 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17000
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-17100 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in LibTIFF 4.0.9. There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17100
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-17101 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17101
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-17795 CVE STATUS: Patched CVE SUMMARY: The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17795 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-18557 CVE STATUS: Patched CVE SUMMARY: LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18557 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-18661 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18661 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-19210 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19210 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-5360 CVE STATUS: Patched CVE SUMMARY: LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5360 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-5784 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5784 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-7456 CVE STATUS: Patched CVE SUMMARY: A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7456 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2018-8905 CVE STATUS: Patched CVE SUMMARY: In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8905 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2019-14973 CVE STATUS: Patched CVE SUMMARY: _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14973 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2019-17546 CVE STATUS: Patched CVE SUMMARY: tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17546 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2019-6128 CVE STATUS: Patched CVE SUMMARY: The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6128 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2019-7663 CVE STATUS: Patched CVE SUMMARY: An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7663 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-18768 CVE STATUS: Patched CVE SUMMARY: There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-18768 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-19131 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19131 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-19143 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" function in the component 'libtiff/tif_dir.c'. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19143 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-19144 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' function in the component 'tif_unix.c'.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19144 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-35521 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35521 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-35522 CVE STATUS: Patched CVE SUMMARY: In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35522 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-35523 CVE STATUS: Patched CVE SUMMARY: An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35523 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2020-35524 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. 
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35524 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0561 CVE STATUS: Patched CVE SUMMARY: Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0561 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0562 CVE STATUS: Patched CVE SUMMARY: Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0562 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0865 CVE STATUS: Patched CVE SUMMARY: Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0865 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0891 CVE STATUS: Patched CVE SUMMARY: A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0891 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0907 CVE STATUS: Patched CVE SUMMARY: Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0907 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0908 CVE STATUS: Patched CVE SUMMARY: Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0908 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0909 CVE STATUS: Patched CVE SUMMARY: Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.
For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0909 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-0924 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0924 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-1056 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1056 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-1210 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1210 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-1354 CVE STATUS: Patched CVE SUMMARY: A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1354 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-1355 CVE STATUS: Patched CVE SUMMARY: A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.1 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1355 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-1622 CVE STATUS: Patched CVE SUMMARY: LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1622 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-1623 CVE STATUS: Patched CVE SUMMARY: LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1623 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2056 CVE STATUS: Patched CVE SUMMARY: Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2056 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2057 CVE STATUS: Patched CVE SUMMARY: Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2057 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2058 CVE STATUS: Patched CVE SUMMARY: Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2058 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-22844 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22844 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2519 CVE STATUS: Patched CVE SUMMARY: There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2519 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2520 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2520 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2521 CVE STATUS: Patched CVE SUMMARY: It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2521 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2867 CVE STATUS: Patched CVE SUMMARY: libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2867 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2868 CVE STATUS: Patched CVE SUMMARY: libtiff's tiffcrop utility has an improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2868 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2869 CVE STATUS: Patched CVE SUMMARY: libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2869 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-2953 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2953 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-34266 CVE STATUS: Patched CVE SUMMARY: The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-34266 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-34526 CVE STATUS: Patched CVE SUMMARY: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-34526 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3570 CVE STATUS: Patched CVE SUMMARY: Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3570 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3597 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3597 LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3598 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3598
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3599 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3599
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3626 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3626
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3627 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3627
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-3970 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3970
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-40090 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in function TIFFReadDirectory in libtiff before 4.4.0 that allows attackers to cause a denial of service via a crafted TIFF file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40090
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-4645 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4645
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2022-48281 CVE STATUS: Patched CVE SUMMARY: processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48281
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0795 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0795
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0796 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0796
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0797 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0797
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0798 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0798
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0799 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0799
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0800 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0800
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0801 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0801
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0802 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0802
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0803 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0803
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-0804 CVE STATUS: Patched CVE SUMMARY: LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0804
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-1916 CVE STATUS: Patched CVE SUMMARY: A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.1 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1916
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-25433 CVE STATUS: Patched CVE SUMMARY: libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop causes a heap-buffer-overflow and SEGV. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25433
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-25434 CVE STATUS: Patched CVE SUMMARY: libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25434
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-25435 CVE STATUS: Patched CVE SUMMARY: libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25435
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-26965 CVE STATUS: Patched CVE SUMMARY: loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-26965
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-26966 CVE STATUS: Patched CVE SUMMARY: libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-26966
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-2731 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2731
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-2908 CVE STATUS: Patched CVE SUMMARY: A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2908
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-30086 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-30086
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-30774 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-30774
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-30775 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-30775
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-3164 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Issue only affects the tiffcrop tool not compiled by default since 4.6.0 CVE SUMMARY: A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3164
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-3316 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3316
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-3576 CVE STATUS: Patched CVE SUMMARY: A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3576
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-3618 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3618
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-40745 CVE STATUS: Patched CVE SUMMARY: LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40745
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-41175 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-41175
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-52355 CVE STATUS: Patched CVE SUMMARY: An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-52355
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-52356 CVE STATUS: Patched CVE SUMMARY: A segmentation fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-52356
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-6228 CVE STATUS: Patched CVE SUMMARY: An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow, leading to an application crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6228
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2023-6277 CVE STATUS: Patched CVE SUMMARY: An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6277
LAYER: meta PACKAGE NAME: tiff PACKAGE VERSION: 4.6.0 CVE: CVE-2024-7006 CVE STATUS: Patched CVE SUMMARY: A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-7006
LAYER: meta PACKAGE NAME: libcomps PACKAGE VERSION: 0.1.20 CVE: CVE-2019-3817 CVE STATUS: Patched CVE SUMMARY: A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3817
LAYER: meta-networking PACKAGE NAME: lldpd PACKAGE VERSION: 1.0.18 CVE: CVE-2015-8011 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8011
LAYER: meta-networking PACKAGE NAME: lldpd PACKAGE VERSION: 1.0.18 CVE: CVE-2015-8012 CVE STATUS: Patched CVE SUMMARY: lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8012
LAYER: meta-networking PACKAGE NAME: lldpd PACKAGE VERSION: 1.0.18 CVE: CVE-2020-27827 CVE STATUS: Patched CVE SUMMARY: A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27827
LAYER: meta-networking PACKAGE NAME: lldpd PACKAGE VERSION: 1.0.18 CVE: CVE-2021-43612 CVE STATUS: Patched CVE SUMMARY: In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43612
LAYER: meta-networking PACKAGE NAME: lldpd PACKAGE VERSION: 1.0.18 CVE: CVE-2023-41910 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-41910
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2003-0577 CVE STATUS: Patched CVE SUMMARY: mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0577
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2003-0865 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0865
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2004-0805 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0805
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2004-0982 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0982
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2004-0991 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0991
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2004-1284 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1284
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2006-1655 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1655
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2006-3355 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3355
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2007-0578 CVE STATUS: Patched CVE SUMMARY: The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0578
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2007-4397 CVE STATUS: Patched CVE SUMMARY: Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4397
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2009-1301 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1301
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2014-9497 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in mpg123 before 1.18.0. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9497
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2017-10683 CVE STATUS: Patched CVE SUMMARY: In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10683
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2017-11126 CVE STATUS: Patched CVE SUMMARY: The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11126
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2017-12797 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12797
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2017-12839 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12839
LAYER: meta PACKAGE NAME: mpg123 PACKAGE VERSION: 1.32.6 CVE: CVE-2017-9545 CVE STATUS: Patched CVE SUMMARY: The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9545
LAYER: meta-oe PACKAGE NAME: lmbench PACKAGE VERSION: 3.0-a9 CVE: CVE-2008-4968 CVE STATUS: Patched CVE SUMMARY: The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/sdiff.##### temporary file. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4968
LAYER: meta PACKAGE NAME: libxtst PACKAGE VERSION: 1_1.2.4 CVE: CVE-2013-2063 CVE STATUS: Patched CVE SUMMARY: Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2063
LAYER: meta PACKAGE NAME: libxtst PACKAGE VERSION: 1_1.2.4 CVE: CVE-2016-7951 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7951
LAYER: meta PACKAGE NAME: libxtst PACKAGE VERSION: 1_1.2.4 CVE: CVE-2016-7952 CVE STATUS: Patched CVE SUMMARY: X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7952
LAYER: meta PACKAGE NAME: make PACKAGE VERSION: 4.4.1 CVE: CVE-2000-0151 CVE STATUS: Patched CVE SUMMARY: GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0151
LAYER: meta PACKAGE NAME: gstreamer1.0-rtsp-server PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2020-6095 CVE STATUS: Patched CVE SUMMARY: An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-6095
LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.1.0+git CVE: CVE-2022-1050 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1050
LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2004-1001 CVE STATUS: Patched CVE SUMMARY: Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1001
LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2005-4890 CVE STATUS: Patched CVE SUMMARY: There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4890
LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2006-1174 CVE STATUS: Patched CVE SUMMARY: useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1174
LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2006-1844 CVE STATUS: Patched CVE SUMMARY: The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1844
LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2008-5394 CVE STATUS: Patched CVE SUMMARY: /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5394
LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2011-0721 CVE STATUS: Patched CVE SUMMARY: Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0721
LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2013-4235 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: Severity is low and marked as closed and won't fix. CVE SUMMARY: shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4235
LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2016-6252 CVE STATUS: Patched CVE SUMMARY: Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6252
LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2017-12424 CVE STATUS: Patched CVE SUMMARY: In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12424
LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2017-20002 CVE STATUS: Patched CVE SUMMARY: The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-20002 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2018-16588 CVE STATUS: Patched CVE SUMMARY: Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16588 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2018-7169 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7169 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2019-16110 CVE STATUS: Patched CVE SUMMARY: The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16110 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2019-19882 CVE STATUS: Patched CVE SUMMARY: shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8). 
CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19882 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.14.2 CVE: CVE-2023-29383 CVE STATUS: Patched CVE SUMMARY: In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29383 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2005-2547 CVE STATUS: Patched CVE SUMMARY: security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2547 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2006-6899 CVE STATUS: Patched CVE SUMMARY: hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack. 
CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6899 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-7837 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7837 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9797 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9797 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9798 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9798 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9799 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9799 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9800 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9800 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9801 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9801 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9802 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9802 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9803 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9803 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9804 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9804 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9917 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9917 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2016-9918 CVE STATUS: Patched CVE SUMMARY: In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9918 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2017-1000250 CVE STATUS: Patched CVE SUMMARY: All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000250 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2018-10910 CVE STATUS: Patched CVE SUMMARY: A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10910 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2019-8921 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same. 
CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8921 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2019-8922 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.8 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8922 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2020-0556 CVE STATUS: Patched CVE SUMMARY: Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0556 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2020-24490 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: This issue has kernel fixes rather than bluez fixes CVE SUMMARY: Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. 
CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24490 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2020-27153 CVE STATUS: Patched CVE SUMMARY: In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27153 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2021-0129 CVE STATUS: Patched CVE SUMMARY: Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-0129 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2021-3588 CVE STATUS: Patched CVE SUMMARY: The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3588 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2021-3658 CVE STATUS: Patched CVE SUMMARY: bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. 
This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3658 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2021-41229 CVE STATUS: Patched CVE SUMMARY: BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41229 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2021-43400 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43400 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2022-0204 CVE STATUS: Patched CVE SUMMARY: A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.8 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0204 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2022-3563 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.7 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3563 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2022-3637 CVE STATUS: Patched CVE SUMMARY: A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3637 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2022-39176 CVE STATUS: Patched CVE SUMMARY: BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39176 LAYER: meta PACKAGE NAME: bluez5 PACKAGE VERSION: 5.72 CVE: CVE-2022-39177 CVE STATUS: Patched CVE SUMMARY: BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39177 LAYER: meta PACKAGE NAME: libcap PACKAGE VERSION: 2.69 CVE: CVE-2011-4099 CVE STATUS: Patched CVE SUMMARY: The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4099 LAYER: meta PACKAGE NAME: libcap PACKAGE VERSION: 2.69 CVE: CVE-2023-2602 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2602 LAYER: meta PACKAGE NAME: libcap PACKAGE VERSION: 2.69 CVE: CVE-2023-2603 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2603 LAYER: meta PACKAGE NAME: libevent PACKAGE VERSION: 2.1.12 CVE: CVE-2007-1030 CVE STATUS: Patched CVE SUMMARY: Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1030 LAYER: meta PACKAGE NAME: libevent PACKAGE VERSION: 2.1.12 CVE: CVE-2014-6272 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6272 LAYER: meta PACKAGE NAME: libevent PACKAGE VERSION: 2.1.12 CVE: CVE-2015-6525 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6525 LAYER: meta PACKAGE NAME: libevent PACKAGE VERSION: 2.1.12 CVE: CVE-2016-10195 CVE STATUS: Patched CVE SUMMARY: The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10195 LAYER: meta PACKAGE NAME: libevent PACKAGE VERSION: 2.1.12 CVE: CVE-2016-10196 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10196
LAYER: meta PACKAGE NAME: libevent PACKAGE VERSION: 2.1.12 CVE: CVE-2016-10197 CVE STATUS: Patched CVE SUMMARY: The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10197
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2007-4770 CVE STATUS: Patched CVE SUMMARY: libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4770
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2007-4771 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4771
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2011-4599 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4599
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-7923 CVE STATUS: Patched CVE SUMMARY: The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7923
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-7926 CVE STATUS: Patched CVE SUMMARY: The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7926
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-7940 CVE STATUS: Patched CVE SUMMARY: The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7940
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-8146 CVE STATUS: Patched CVE SUMMARY: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8146
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-8147 CVE STATUS: Patched CVE SUMMARY: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8147
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-9654 CVE STATUS: Patched CVE SUMMARY: The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9654
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2014-9911 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9911
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2015-5922 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5922
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2016-6293 CVE STATUS: Patched CVE SUMMARY: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6293
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2016-7415 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7415
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2017-14952 CVE STATUS: Patched CVE SUMMARY: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14952
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2017-15396 CVE STATUS: Patched CVE SUMMARY: A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15396
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2017-15422 CVE STATUS: Patched CVE SUMMARY: Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15422
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2017-17484 CVE STATUS: Patched CVE SUMMARY: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17484
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2017-7867 CVE STATUS: Patched CVE SUMMARY: International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7867
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2017-7868 CVE STATUS: Patched CVE SUMMARY: International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7868
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2018-18928 CVE STATUS: Patched CVE SUMMARY: International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18928
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2020-10531 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10531
LAYER: meta PACKAGE NAME: icu PACKAGE VERSION: 74-2 CVE: CVE-2020-21913 CVE STATUS: Patched CVE SUMMARY: International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21913
LAYER: meta-python PACKAGE NAME: python3-twisted PACKAGE VERSION: 24.3.0 CVE: CVE-2024-41671 CVE STATUS: Patched CVE SUMMARY: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-41671
LAYER: meta-ros2-jazzy PACKAGE NAME: sros2 PACKAGE VERSION: 0.13.0-3 CVE: CVE-2019-19625 CVE STATUS: Patched CVE SUMMARY: SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19625
LAYER: meta-ros2-jazzy PACKAGE NAME: sros2 PACKAGE VERSION: 0.13.0-3 CVE: CVE-2019-19627 CVE STATUS: Patched CVE SUMMARY: SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19627
LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2007-5503 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5503
LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2014-5116 CVE STATUS: Patched CVE SUMMARY: The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5116
LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2016-3190 CVE STATUS: Patched CVE SUMMARY: The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3190
LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2016-9082 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9082
LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2017-7475 CVE STATUS: Patched CVE SUMMARY: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7475
LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2017-9814 CVE STATUS: Patched CVE SUMMARY: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9814
LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2018-18064 CVE STATUS: Patched CVE SUMMARY: cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18064
LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2018-19876 CVE STATUS: Patched CVE SUMMARY: cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19876
LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2019-6461 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6461
LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2019-6462 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6462
LAYER: meta PACKAGE NAME: cairo PACKAGE VERSION: 1.18.0 CVE: CVE-2020-35492 CVE STATUS: Patched CVE SUMMARY: A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35492
LAYER: meta PACKAGE NAME: minicom PACKAGE VERSION: 2.9 CVE: CVE-2000-0698 CVE STATUS: Patched CVE SUMMARY: Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0698
LAYER: meta PACKAGE NAME: minicom PACKAGE VERSION: 2.9 CVE: CVE-2001-0570 CVE STATUS: Patched CVE SUMMARY: minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0570
LAYER: meta PACKAGE NAME: minicom PACKAGE VERSION: 2.9 CVE: CVE-2017-7467 CVE STATUS: Patched CVE SUMMARY: A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7467
LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2011-3146 CVE STATUS: Patched CVE SUMMARY: librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via an SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3146
LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2013-1881 CVE STATUS: Patched CVE SUMMARY: GNOME librsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1881
LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2015-7557 CVE STATUS: Patched CVE SUMMARY: The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7557
LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2015-7558 CVE STATUS: Patched CVE SUMMARY: librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7558
LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2016-4348 CVE STATUS: Patched CVE SUMMARY: The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4348
LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2016-6163 CVE STATUS: Patched CVE SUMMARY: The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6163
LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2017-11464 CVE STATUS: Patched CVE SUMMARY: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11464
LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2018-1000041 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only applies on Windows CVE SUMMARY: GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains an Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appears to be exploitable when the victim processes a specially crafted SVG file containing a UNC path on Windows. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000041
LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2019-20446 CVE STATUS: Patched CVE SUMMARY: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20446
LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2023-38633 CVE STATUS: Patched CVE SUMMARY: A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38633
LAYER: meta PACKAGE NAME: glib-networking PACKAGE VERSION: 2.78.1 CVE: CVE-2020-13645 CVE STATUS: Patched CVE SUMMARY: In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13645
LAYER: meta PACKAGE NAME: nghttp2 PACKAGE VERSION: 1.61.0 CVE: CVE-2015-8659 CVE STATUS: Patched CVE SUMMARY: The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 10.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8659
LAYER: meta PACKAGE NAME: nghttp2 PACKAGE VERSION: 1.61.0 CVE: CVE-2016-1544 CVE STATUS: Patched CVE SUMMARY: nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1544
LAYER: meta PACKAGE NAME: nghttp2 PACKAGE VERSION: 1.61.0 CVE: CVE-2018-1000168 CVE STATUS: Patched CVE SUMMARY: nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000168
LAYER: meta PACKAGE NAME: nghttp2 PACKAGE VERSION: 1.61.0 CVE: CVE-2020-11080 CVE STATUS: Patched CVE SUMMARY: In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if the received frame is a SETTINGS frame and the number of settings entries is large (e.g., > 32), then drop the connection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11080
LAYER: meta PACKAGE NAME: nghttp2 PACKAGE VERSION: 1.61.0 CVE: CVE-2023-35945 CVE STATUS: Patched CVE SUMMARY: Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if the connection is already marked for not sending more requests due to the `GOAWAY` frame. The clean-up code is right after the return statement, causing a memory leak. Denial of service through memory exhaustion. This vulnerability was patched in version(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-35945
LAYER: meta PACKAGE NAME: nghttp2 PACKAGE VERSION: 1.61.0 CVE: CVE-2023-44487 CVE STATUS: Patched CVE SUMMARY: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-44487
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2001-0084 CVE STATUS: Patched CVE SUMMARY: GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0084
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2004-0753 CVE STATUS: Patched CVE SUMMARY: The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0753
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2004-0782 CVE STATUS: Patched CVE SUMMARY: Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0782
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2004-0783 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0783
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2004-0788 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0788
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2005-0372 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0372
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2005-0891 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0891
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2005-2975 CVE STATUS: Patched CVE SUMMARY: io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2975
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2005-2976 CVE STATUS: Patched CVE SUMMARY: Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2976
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2007-0010 CVE STATUS: Patched CVE SUMMARY: The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0010
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2010-0732 CVE STATUS: Patched CVE SUMMARY: gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0732
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2010-4831 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4831
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2010-4833 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4833
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2012-0828 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0828
LAYER: meta PACKAGE NAME: gtk+3 PACKAGE VERSION: 3.24.41 CVE: CVE-2014-1949 CVE STATUS: Patched CVE SUMMARY: GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1949 LAYER: meta PACKAGE NAME: vte PACKAGE VERSION: 0.74.2 CVE: CVE-2003-0070 CVE STATUS: Patched CVE SUMMARY: VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0070 LAYER: meta PACKAGE NAME: vte PACKAGE VERSION: 0.74.2 CVE: CVE-2010-2713 CVE STATUS: Patched CVE SUMMARY: The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2713 LAYER: meta PACKAGE NAME: vte PACKAGE VERSION: 0.74.2 CVE: CVE-2012-2738 CVE STATUS: Patched CVE SUMMARY: The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2738 LAYER: meta PACKAGE NAME: vte PACKAGE VERSION: 0.74.2 CVE: CVE-2024-37535 CVE STATUS: Patched CVE SUMMARY: GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.4 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-37535 LAYER: meta-oe PACKAGE NAME: hwloc PACKAGE VERSION: 2.9.3 CVE: CVE-2022-47022 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47022 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2009-1194 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox. 
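The four vte entries above (CVE-2003-0070, CVE-2010-2713, CVE-2012-2738 and CVE-2024-37535) share one root cause: bytes chosen by an attacker reach the emulator as control sequences, whether through a file the user views, a line from a remote server, or a log. The defence on the application side is to sanitise untrusted text before writing it to a terminal. The function below is an added example written for this page, not code from VTE or gnome-terminal: it removes every ESC-introduced sequence (CSI, OSC, DCS, APC, PM, SOS, nF and two-byte forms), every bare C0 control except newline and tab, DEL, and UTF-8-encoded C1 controls, and reports how many it dropped. All input strings used to exercise it are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/*
 * Copy untrusted text to out, dropping everything that could drive a
 * terminal emulator: ESC-introduced sequences (CSI, OSC, DCS, APC, PM,
 * SOS, nF and two-byte Fe/Fs/Fp forms), bare C0 controls other than
 * '\n' and '\t', DEL, and UTF-8-encoded C1 controls (C2 80..C2 9F).
 * Because every introducer is removed, the emulator never enters a
 * string state, so an imprecise end-of-string guess only changes how
 * much of the payload text is dropped, never whether it is interpreted.
 * Returns the number of sequences/controls removed; out is always
 * NUL-terminated and holds at most outsz-1 bytes.
 */
size_t strip_term_escapes(const char *in, char *out, size_t outsz)
{
    const unsigned char *p = (const unsigned char *)in;
    size_t removed = 0, o = 0;

    while (*p) {
        unsigned char c = *p;

        if (c == 0x1b) {                       /* ESC: start of a sequence */
            removed++;
            p++;
            if (*p == '[') {                   /* CSI: ESC [ params/intermediates final */
                p++;
                while (*p >= 0x20 && *p <= 0x3f) p++;
                if (*p >= 0x40 && *p <= 0x7e) p++;
            } else if (*p == ']' || *p == 'P' || *p == '_' || *p == '^' || *p == 'X') {
                p++;                           /* OSC/DCS/APC/PM/SOS: ends at BEL or ST (ESC \) */
                while (*p) {
                    if (*p == 0x07) { p++; break; }
                    if (*p == 0x1b && p[1] == '\\') { p += 2; break; }
                    p++;
                }
            } else if (*p >= 0x20 && *p <= 0x2f) {   /* nF: ESC intermediates final, e.g. ESC ( B */
                while (*p >= 0x20 && *p <= 0x2f) p++;
                if (*p >= 0x30 && *p <= 0x7e) p++;
            } else if (*p) {                   /* two-byte sequence, e.g. ESC c (full reset) */
                p++;
            }
            continue;
        }

        if (c == 0xc2 && p[1] >= 0x80 && p[1] <= 0x9f) {   /* UTF-8 C1 control (U+0080..U+009F) */
            removed++;
            p += 2;
            continue;
        }

        if (c == '\n' || c == '\t' || (c >= 0x20 && c != 0x7f)) {
            if (o + 1 < outsz) out[o++] = (char)c;   /* printable ASCII or UTF-8 payload */
        } else {
            removed++;                         /* bare C0 control (BEL, CR, BS, ...) or DEL */
        }
        p++;
    }
    if (outsz) out[o] = '\0';
    return removed;
}
```

Run this over anything that did not originate from the local user before it is printed: file names from a remote listing, server-sent chat lines, log records. Keeping colour sequences (CSI ... m) would require a whitelist of final bytes; the version above deliberately keeps nothing, because title-set and title-query sequences are exactly the ones the CVEs above abuse.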
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1194

LAYER: meta
PACKAGE NAME: pango
PACKAGE VERSION: 1.52.1
CVE: CVE-2010-0421
CVE STATUS: Patched
CVE SUMMARY: Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0421

LAYER: meta
PACKAGE NAME: pango
PACKAGE VERSION: 1.52.1
CVE: CVE-2011-0020
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
CVSS v2 BASE SCORE: 7.6
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0020

LAYER: meta
PACKAGE NAME: pango
PACKAGE VERSION: 1.52.1
CVE: CVE-2011-0064
CVE STATUS: Patched
CVE SUMMARY: The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0064

LAYER: meta
PACKAGE NAME: pango
PACKAGE VERSION: 1.52.1
CVE: CVE-2011-3193
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193

LAYER: meta
PACKAGE NAME: pango
PACKAGE VERSION: 1.52.1
CVE: CVE-2018-15120
CVE STATUS: Patched
CVE SUMMARY: libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15120

LAYER: meta
PACKAGE NAME: pango
PACKAGE VERSION: 1.52.1
CVE: CVE-2019-1010238
CVE STATUS: Patched
CVE SUMMARY: Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when an application passes invalid utf-8 strings to functions like pango_itemize.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010238

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2014-0172
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0172

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2014-9447
CVE STATUS: Patched
CVE SUMMARY: Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9447

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2016-10254
CVE STATUS: Patched
CVE SUMMARY: The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.
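CVE-2005-0372 (gftp using file names from a remote LIST reply) and CVE-2014-9447 (elfutils using member names from an ar long-name table) are the same bug in two packages: a name taken from the data being processed is joined onto a local directory and used as a path. The code below is an added example, not code from gftp or elfutils, showing the check an extractor should run on every entry name before opening anything, together with a join helper that refuses to produce a path outside the destination. Validation is purely syntactic: absolute paths, `.` and `..` components, embedded control bytes and, for flat formats such as ar, any `/` at all are rejected. It does not protect against symlinks that already exist under the destination; that needs O_NOFOLLOW or openat-based opening, which is outside this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Decide whether an untrusted entry name (from an archive member table,
 * an FTP LIST reply, a tar header, ...) may be used relative to the
 * extraction directory.  Rejects empty names, absolute paths, empty
 * components, "." and ".." components, control bytes, and, when
 * allow_subdirs is false (flat formats such as ar), any '/' at all.
 */
bool safe_member_name(const char *name, bool allow_subdirs)
{
    if (name == NULL || *name == '\0' || *name == '/')
        return false;

    const char *comp = name;
    for (;;) {
        const char *slash = strchr(comp, '/');
        size_t len = slash ? (size_t)(slash - comp) : strlen(comp);

        if (len == 0)                              /* "a//b" or a trailing '/' */
            return false;
        if (len <= 2 && comp[0] == '.' && (len == 1 || comp[1] == '.'))
            return false;                          /* "." or ".." component */
        for (size_t i = 0; i < len; i++)
            if ((unsigned char)comp[i] < 0x20 || comp[i] == 0x7f)
                return false;                      /* control bytes in names */

        if (!slash)
            return true;
        if (!allow_subdirs)
            return false;                          /* ar members are flat: no '/' */
        comp = slash + 1;
    }
}

/*
 * Join dest_dir and a validated name into out.  Returns false if the name
 * fails validation or the result would not fit, so a caller can never end
 * up opening a silently truncated path.
 */
bool safe_join(const char *dest_dir, const char *name, bool allow_subdirs,
               char *out, size_t outsz)
{
    if (!safe_member_name(name, allow_subdirs))
        return false;
    int n = snprintf(out, outsz, "%s/%s", dest_dir, name);
    return n > 0 && (size_t)n < outsz;
}

/* Convenience wrapper for one-off use: static buffer, NULL on rejection. */
const char *safe_join_static(const char *dest_dir, const char *name, bool allow_subdirs)
{
    static char buf[256];
    return safe_join(dest_dir, name, allow_subdirs, buf, sizeof buf) ? buf : NULL;
}
```

The flat-format flag matters: the elfutils fix for CVE-2014-9447 consisted of rejecting any `/` in an ar member name, because ar has no directory structure to begin with, and a name that needs one is hostile by construction.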
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10254

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2016-10255
CVE STATUS: Patched
CVE SUMMARY: The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10255

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7607
CVE STATUS: Patched
CVE SUMMARY: The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7607

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7608
CVE STATUS: Patched
CVE SUMMARY: The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7608

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7609
CVE STATUS: Patched
CVE SUMMARY: elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7609

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7610
CVE STATUS: Patched
CVE SUMMARY: The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7610

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7611
CVE STATUS: Patched
CVE SUMMARY: The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7611

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7612
CVE STATUS: Patched
CVE SUMMARY: The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7612

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7613
CVE STATUS: Patched
CVE SUMMARY: elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7613

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-16062
CVE STATUS: Patched
CVE SUMMARY: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16062

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-16402
CVE STATUS: Patched
CVE SUMMARY: libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16402

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-16403
CVE STATUS: Patched
CVE SUMMARY: libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16403

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-18310
CVE STATUS: Patched
CVE SUMMARY: An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18310

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-18520
CVE STATUS: Patched
CVE SUMMARY: An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18520

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-18521
CVE STATUS: Patched
CVE SUMMARY: Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18521

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-8769
CVE STATUS: Patched
CVE SUMMARY: elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8769

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2019-7146
CVE STATUS: Patched
CVE SUMMARY: In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7146

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2019-7148
CVE STATUS: Patched
CVE SUMMARY: An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens."
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7148

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2019-7149
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7149

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2019-7150
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7150

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2019-7664
CVE STATUS: Patched
CVE SUMMARY: In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7664

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2019-7665
CVE STATUS: Patched
CVE SUMMARY: In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7665

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2020-21047
CVE STATUS: Patched
CVE SUMMARY: The libcpu component, which is used by libasm, of elfutils version 0.177 (git 47780c9e) suffers from a denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21047

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2021-33294
CVE STATUS: Patched
CVE SUMMARY: In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c, which allows attackers to cause a denial of service (infinite loop) via a crafted file.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33294

LAYER: meta
PACKAGE NAME: tcl
PACKAGE VERSION: 8.6.13
CVE: CVE-2021-35331
CVE STATUS: Patched
CVE SUMMARY: In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-35331

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-1999-1439
CVE STATUS: Patched
CV SUMMARY: gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1439

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-2000-1219
CVE STATUS: Patched
CVE SUMMARY: The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1219

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-2002-2439
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-2439

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-2006-1902
CVE STATUS: Patched
CVE SUMMARY: fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value."
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1902

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-2008-1367
CVE STATUS: Patched
CVE SUMMARY: gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1367

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-2008-1685
CVE STATUS: Patched
CVE SUMMARY: gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999).
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1685

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-2013-4598
CVE STATUS: Patched
CVE SUMMARY: The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4598

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-2015-5276
CVE STATUS: Patched
CVE SUMMARY: The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
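CVE-2006-1902 and CVE-2008-1685 (and, one level up, the `new[]` size computation in CVE-2002-2439) describe the same trap: arithmetic that the language defines as never overflowing, so a check that can only fail on overflow is dead code and the optimiser is entitled to delete it silently. The vendor NOTE on CVE-2008-1685 confirms this is permitted by C99 6.5.6. The code below is an added example for this page, not GCC code or anything taken from the advisories. The first function is the pattern that gcc 4.2 and later may fold away; the second does the same job by comparing sizes, which cannot be optimised out; `read_length_prefixed_field` uses the size comparison inside a small parser. The packet bytes in the test are constructed input.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * VULNERABLE: tries to detect wraparound of buf + len.  Forming a pointer
 * outside the object is undefined behaviour, so the compiler may assume
 * it never happens, fold `buf + len < buf` to `len < 0` (always false for
 * an unsigned len) and drop the check without any diagnostic.
 */
int in_bounds_ptrwrap(const unsigned char *buf, size_t len, const unsigned char *end)
{
    if (buf + len < buf)          /* may be deleted by the optimiser */
        return 0;
    return buf + len <= end;      /* itself UB once buf + len is out of range */
}

/*
 * HARDENED: never form the possibly-wrapping pointer.  Compare the
 * requested length against the bytes actually available; this is a plain
 * size_t comparison that no standard-conforming optimiser can remove.
 */
int in_bounds(const unsigned char *buf, size_t len, const unsigned char *end)
{
    if (end < buf)
        return 0;
    return len <= (size_t)(end - buf);
}

/*
 * Read one [len][bytes...] field starting at *pos in a packet of pktlen
 * bytes, copying it into dst.  Returns the field length, or -1 if the
 * length byte is missing, the field runs past the packet, or dst is too
 * small.  Advances *pos past the field on success only.
 */
int read_length_prefixed_field(const unsigned char *pkt, size_t pktlen,
                               size_t *pos, unsigned char *dst, size_t dstsz)
{
    if (*pos >= pktlen)
        return -1;                               /* no room for the length byte */
    size_t len = pkt[*pos];
    size_t remaining = pktlen - (*pos + 1);      /* bytes after the length byte */
    if (len > remaining || len > dstsz)
        return -1;                               /* the test that pointer-wrap code loses */
    memcpy(dst, pkt + *pos + 1, len);
    *pos += 1 + len;
    return (int)len;
}
```

The habit to take away: express bounds checks as "is the amount I want no larger than the amount I have", with both sides as unsigned sizes, rather than as comparisons between pointers that you first had to push past the end of the buffer.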
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5276

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-2017-11671
CVE STATUS: Patched
CVE SUMMARY: Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 4.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11671

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-2018-12886
CVE STATUS: Patched
CVE SUMMARY: stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12886

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-2019-15847
CVE STATUS: Patched
CVE SUMMARY: The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15847

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-2021-37322
CVE STATUS: Ignored
CVE DETAIL: cpe-incorrect
CVE DESCRIPTION: Is a binutils 2.26 issue, not gcc
CVE SUMMARY: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37322

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-2021-3826
CVE STATUS: Patched
CVE SUMMARY: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3826

LAYER: meta
PACKAGE NAME: libgcc
PACKAGE VERSION: 13.3.0
CVE: CVE-2021-46195
CVE STATUS: Patched
CVE SUMMARY: GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.
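CVE-2015-5276 above is the generic short-read bug: a single read() on a blocking source such as /dev/random may return fewer bytes than requested, or -1 with errno set to EINTR, and code that assumes the buffer was filled then uses whatever the buffer held before. The example below is added for this page and is not libstdc++'s std::random_device implementation; it shows the unchecked single-read shape next to the loop the fix amounts to. A reader callback lets the same loop run over a real file descriptor and, for the demonstration, over a constructed in-memory source that hands out at most three bytes per call.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* A byte source: returns bytes read, 0 at EOF, -1 with errno set on error. */
typedef ssize_t (*reader_fn)(void *ctx, void *buf, size_t n);

/*
 * VULNERABLE shape: one read(), success as soon as anything came back.
 * After a short read the tail of buf keeps its previous contents, which
 * for a random_device means predictable "random" bytes.
 */
int read_once(reader_fn rd, void *ctx, unsigned char *buf, size_t n)
{
    return rd(ctx, buf, n) > 0 ? 0 : -1;
}

/*
 * HARDENED: keep reading until n bytes have arrived, retry on EINTR, and
 * treat EOF or any other error before n bytes as failure, never as data.
 */
int read_full(reader_fn rd, void *ctx, unsigned char *buf, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = rd(ctx, buf + got, n - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (r == 0)
            return -1;                       /* EOF before n bytes */
        got += (size_t)r;
    }
    return 0;
}

/* Reader over a file descriptor, e.g. one opened on /dev/urandom. */
ssize_t fd_reader(void *ctx, void *buf, size_t n)
{
    return read(*(const int *)ctx, buf, n);
}

/* Constructed source for the demo: serves a fixed pattern, at most
 * max_per_call bytes per call, like a blocking device that answers in
 * small pieces. */
struct chunk_src { const unsigned char *data; size_t len, pos, max_per_call; };

ssize_t chunk_reader(void *ctx, void *buf, size_t n)
{
    struct chunk_src *s = ctx;
    size_t left = s->len - s->pos;
    size_t take = n < s->max_per_call ? n : s->max_per_call;
    if (take > left)
        take = left;
    memcpy(buf, s->data + s->pos, take);
    s->pos += take;
    return (ssize_t)take;                    /* 0 once the source is exhausted */
}

/* Ask one strategy for 16 bytes from a source holding source_len bytes of
 * the pattern (capped at 16) and report how many leading bytes of the
 * result really came from the source: 16 means the buffer was filled,
 * 0 means the call reported failure. */
size_t bytes_from_source(int use_read_full, size_t source_len)
{
    static const unsigned char pattern[] = "0123456789ABCDEF";
    struct chunk_src src = { pattern, source_len > 16 ? 16 : source_len, 0, 3 };
    unsigned char buf[16];
    memset(buf, 0xAA, sizeof buf);           /* stale contents before the read */

    int rc = use_read_full ? read_full(chunk_reader, &src, buf, sizeof buf)
                           : read_once(chunk_reader, &src, buf, sizeof buf);
    if (rc != 0)
        return 0;
    size_t i = 0;
    while (i < sizeof buf && buf[i] == pattern[i])
        i++;
    return i;
}
```

With the 3-byte-per-call source, `read_once` reports success after filling only the first three bytes; `read_full` either fills all sixteen or fails outright when the source runs dry, which is the property a randomness consumer needs.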
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46195 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2022-27943 CVE STATUS: Patched CVE SUMMARY: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27943 LAYER: meta PACKAGE NAME: libgcc PACKAGE VERSION: 13.3.0 CVE: CVE-2023-4039 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed via CVE-2023-4039.patch included here. Set the status explicitly to deal with all recipes that share the gcc-source. CVE SUMMARY: **DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4039 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2005-0876 CVE STATUS: Patched CVE SUMMARY: Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0876 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2005-0877 CVE STATUS: Patched CVE SUMMARY: Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0877 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2006-2017 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2017 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2008-3214 CVE STATUS: Patched CVE SUMMARY: dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3214 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2008-3350 CVE STATUS: Patched CVE SUMMARY: dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3350 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2009-2957 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2957 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2009-2958 CVE STATUS: Patched CVE SUMMARY: The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2958 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2012-3411 CVE STATUS: Patched CVE SUMMARY: Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3411 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2013-0198 CVE STATUS: Patched CVE SUMMARY: Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0198 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2015-3294 CVE STATUS: Patched CVE SUMMARY: The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request. 
CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3294 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2015-8899 CVE STATUS: Patched CVE SUMMARY: Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8899 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-13704 CVE STATUS: Patched CVE SUMMARY: In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zeros (0xffffffffffffffff on 64-bit platforms), making dnsmasq crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13704 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-14491 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14491 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-14492 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14492 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-14493 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14493 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-14494 CVE STATUS: Patched CVE SUMMARY: dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14494 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-14495 CVE STATUS: Patched CVE SUMMARY: Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14495 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-14496 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14496 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2017-15107 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15107 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2019-14513 CVE STATUS: Patched CVE SUMMARY: Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14513 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2019-14834 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14834 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25681 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. 
An attacker on the network, who can forge DNS replies such that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25681 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25682 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extracts names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible that extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25682 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25683 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. 
A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25683 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25684 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25684 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25685 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before version 2.83. 
When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25685 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25686 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25686 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2020-25687 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25687 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-3448 CVE STATUS: Patched CVE SUMMARY: A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 4.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3448 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45951 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45951 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45952 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45952 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45953 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45953 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45954 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45954 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45955 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." However, a contributor states that a security patch (mentioned in 016162.html) is needed. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45955 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45956 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45956 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2021-45957 CVE STATUS: Patched CVE SUMMARY: Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45957 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2022-0934 CVE STATUS: Patched CVE SUMMARY: A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0934 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2023-28450 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28450 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2023-49441 CVE STATUS: Patched CVE SUMMARY: dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-49441 LAYER: meta-networking PACKAGE NAME: dnsmasq PACKAGE VERSION: 2.90 CVE: CVE-2023-50387 CVE STATUS: Patched CVE SUMMARY: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-50387 LAYER: meta PACKAGE NAME: iputils PACKAGE VERSION: 20240117 CVE: CVE-2000-1213 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed in 2000-10-10, but the versioning of iputils breaks the version order. CVE SUMMARY: ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1213 LAYER: meta PACKAGE NAME: iputils PACKAGE VERSION: 20240117 CVE: CVE-2000-1214 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed in 2000-10-10, but the versioning of iputils breaks the version order. 
CVE SUMMARY: Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1214 LAYER: meta PACKAGE NAME: iputils PACKAGE VERSION: 20240117 CVE: CVE-2010-2529 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2529 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2016-9085 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9085 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2016-9969 CVE STATUS: Patched CVE SUMMARY: In libwebp 0.5.1, there is a double free bug in libwebpmux. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9969 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25009 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). 
CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25009 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25010 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25010 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25011 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25011 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25012 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25012 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25013 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25013 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25014 CVE STATUS: Patched CVE SUMMARY: A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25014 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36328 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36328 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36329 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36329 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36330 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36330 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36331 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. 
The highest threat from this vulnerability is to data confidentiality and to the service availability. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36331 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36332 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36332 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2023-1999 CVE STATUS: Patched CVE SUMMARY: There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.  CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1999 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2023-4863 CVE STATUS: Patched CVE SUMMARY: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. 
(Chromium security severity: Critical) CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4863 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2014-2896 CVE STATUS: Patched CVE SUMMARY: The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2896 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2014-2897 CVE STATUS: Patched CVE SUMMARY: The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2897 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2014-2898 CVE STATUS: Patched CVE SUMMARY: wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2898 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2014-2901 CVE STATUS: Patched CVE SUMMARY: wolfssl before 3.2.0 does not properly issue certificates for a server's hostname. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2901 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2014-2902 CVE STATUS: Patched CVE SUMMARY: wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2902 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2014-2903 CVE STATUS: Patched CVE SUMMARY: CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2903 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2014-2904 CVE STATUS: Patched CVE SUMMARY: wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2904 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2015-6925 CVE STATUS: Patched CVE SUMMARY: wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6925 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2015-7744 CVE STATUS: Patched CVE SUMMARY: wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7744 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2016-7438 CVE STATUS: Patched CVE SUMMARY: The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7438 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2016-7439 CVE STATUS: Patched CVE SUMMARY: The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7439 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2016-7440 CVE STATUS: Patched CVE SUMMARY: The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7440 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2017-13099 CVE STATUS: Patched CVE SUMMARY: wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT." 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13099 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2017-2800 CVE STATUS: Patched CVE SUMMARY: A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2800 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2017-6076 CVE STATUS: Patched CVE SUMMARY: In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6076 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2017-8854 CVE STATUS: Patched CVE SUMMARY: wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8854 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2017-8855 CVE STATUS: Patched CVE SUMMARY: wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8855 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2018-12436 CVE STATUS: Patched CVE SUMMARY: wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12436 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2018-16870 CVE STATUS: Patched CVE SUMMARY: It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16870 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2019-11873 CVE STATUS: Patched CVE SUMMARY: wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. 
Possibly the attacker can perform a remote code execution attack. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11873 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2019-13628 CVE STATUS: Patched CVE SUMMARY: wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13628 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2019-14317 CVE STATUS: Patched CVE SUMMARY: wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14317 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2019-15651 CVE STATUS: Patched CVE SUMMARY: wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15651 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2019-16748 CVE STATUS: Patched CVE SUMMARY: In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16748 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2019-18840 CVE STATUS: Patched CVE SUMMARY: In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18840 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2019-19960 CVE STATUS: Patched CVE SUMMARY: In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19960 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2019-19962 CVE STATUS: Patched CVE SUMMARY: wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19962 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2019-19963 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19963 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2019-6439 CVE STATUS: Patched CVE SUMMARY: examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6439 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2020-11713 CVE STATUS: Patched CVE SUMMARY: wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11713 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2020-11735 CVE STATUS: Patched CVE SUMMARY: The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak." 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11735 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2020-12457 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12457 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2020-15309 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15309 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2020-24585 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24585 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2020-24613 CVE STATUS: Patched CVE SUMMARY: wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24613 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2020-36177 CVE STATUS: Patched CVE SUMMARY: RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36177 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2021-24116 CVE STATUS: Patched CVE SUMMARY: In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-24116 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2021-3336 CVE STATUS: Patched CVE SUMMARY: DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3336 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2021-37155 CVE STATUS: Patched CVE SUMMARY: wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37155 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2021-38597 CVE STATUS: Patched CVE SUMMARY: wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38597 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2021-44718 CVE STATUS: Patched CVE SUMMARY: wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. 
The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-44718 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2022-23408 CVE STATUS: Patched CVE SUMMARY: wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23408 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2022-25638 CVE STATUS: Patched CVE SUMMARY: In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25638 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2022-25640 CVE STATUS: Patched CVE SUMMARY: In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25640 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2022-34293 CVE STATUS: Patched CVE SUMMARY: wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-34293 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2022-38152 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-38152 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2022-38153 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-38153 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2022-39173 CVE STATUS: Patched CVE SUMMARY: In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39173 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2022-42905 CVE STATUS: Patched CVE SUMMARY: In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.) CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42905 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2022-42961 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.) CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42961 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2023-3724 CVE STATUS: Patched CVE SUMMARY: If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. 
Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used.  CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3724 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2023-6935 CVE STATUS: Patched CVE SUMMARY: wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.  Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6935 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2024-1543 CVE STATUS: Patched CVE SUMMARY: The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500 CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-1543 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2024-1545 CVE STATUS: Patched CVE SUMMARY: Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-1545 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2024-2881 CVE STATUS: Patched CVE SUMMARY: Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-2881 LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2024-5991 CVE STATUS: Unpatched CVE SUMMARY: In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator. This issue affects wolfSSL: through 5.7.0. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-5991 LAYER: meta PACKAGE NAME: ltp PACKAGE VERSION: 20240129 CVE: CVE-2008-5145 CVE STATUS: Patched CVE SUMMARY: ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5145 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-1999-0402 CVE STATUS: Patched CVE SUMMARY: wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0402 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2002-1344 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1344 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2004-1487 CVE STATUS: Patched CVE SUMMARY: wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1487 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2004-1488 CVE STATUS: Patched CVE SUMMARY: wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1488 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2004-2014 CVE STATUS: Patched CVE SUMMARY: Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. 
CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2014 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2005-3185 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-3185 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2006-6719 CVE STATUS: Patched CVE SUMMARY: The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6719 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2009-3490 CVE STATUS: Patched CVE SUMMARY: GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3490 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2010-2252 CVE STATUS: Patched CVE SUMMARY: GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2252 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2014-4877 CVE STATUS: Patched CVE SUMMARY: Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4877 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2016-4971 CVE STATUS: Patched CVE SUMMARY: GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4971 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2016-7098 CVE STATUS: Patched CVE SUMMARY: Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7098 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2017-13089 CVE STATUS: Patched CVE SUMMARY: The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13089 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2017-13090 CVE STATUS: Patched CVE SUMMARY: The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. 
The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13090 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2017-6508 CVE STATUS: Patched CVE SUMMARY: CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6508 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2018-0494 CVE STATUS: Patched CVE SUMMARY: GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-0494 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2018-20483 CVE STATUS: Patched CVE SUMMARY: set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. 
According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20483 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2019-5953 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5953 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2021-31879 CVE STATUS: Patched CVE SUMMARY: GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-31879 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2024-38428 CVE STATUS: Patched CVE SUMMARY: url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-38428 LAYER: meta-oe PACKAGE NAME: libvpx PACKAGE VERSION: 1.14.0 CVE: CVE-2010-4203 CVE STATUS: Patched CVE SUMMARY: WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4203 LAYER: meta-oe PACKAGE NAME: libvpx PACKAGE VERSION: 1.14.0 CVE: CVE-2012-0823 CVE STATUS: Patched CVE SUMMARY: VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks". CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0823 LAYER: meta-oe PACKAGE NAME: libvpx PACKAGE VERSION: 1.14.0 CVE: CVE-2023-44488 CVE STATUS: Patched CVE SUMMARY: VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-44488 LAYER: meta-oe PACKAGE NAME: libvpx PACKAGE VERSION: 1.14.0 CVE: CVE-2023-5217 CVE STATUS: Patched CVE SUMMARY: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
(Chromium security severity: High) CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5217 LAYER: meta PACKAGE NAME: cmake PACKAGE VERSION: 3.28.3 CVE: CVE-2016-10642 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: This is specific to the npm package that installs cmake, so isn't relevant to OpenEmbedded CVE SUMMARY: cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10642 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-1999-0199 CVE STATUS: Patched CVE SUMMARY: manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0199 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2000-0335 CVE STATUS: Patched CVE SUMMARY: The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0335 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2000-0824 CVE STATUS: Patched CVE SUMMARY: The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0824 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2000-0959 CVE STATUS: Patched CVE SUMMARY: glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0959 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2002-0684 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0684 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2002-1146 CVE STATUS: Patched CVE SUMMARY: The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1146 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2002-1265 CVE STATUS: Patched CVE SUMMARY: The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1265 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2003-0028 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0028 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2003-0859 CVE STATUS: Patched CVE SUMMARY: The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0859 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2004-0968 CVE STATUS: Patched CVE SUMMARY: The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0968 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2004-1382 CVE STATUS: Patched CVE SUMMARY: The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1382 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2004-1453 CVE STATUS: Patched CVE SUMMARY: GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1453 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2005-3590 CVE STATUS: Patched CVE SUMMARY: The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-3590 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2006-7254 CVE STATUS: Patched CVE SUMMARY: The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7254 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2007-3508 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. 
NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3508 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2009-4880 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4880 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2009-4881 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4881 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2009-5029 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5029 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2009-5064 CVE STATUS: Patched CVE SUMMARY: ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc." CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5064 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2009-5155 CVE STATUS: Patched CVE SUMMARY: In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5155 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-0015 CVE STATUS: Patched CVE SUMMARY: nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0015 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-0296 CVE STATUS: Patched CVE SUMMARY: The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0296 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-0830 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. 
CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0830 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-3192 CVE STATUS: Patched CVE SUMMARY: Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3192 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-3847 CVE STATUS: Patched CVE SUMMARY: elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. 
CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3847 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-3856 CVE STATUS: Patched CVE SUMMARY: ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3856 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-4051 CVE STATUS: Patched CVE SUMMARY: The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4051 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-4052 CVE STATUS: Patched CVE SUMMARY: Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4052 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-4756 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: Issue is memory exhaustion via glob() calls, e.g. from within an ftp server Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681 Upstream don't see it as a security issue, ftp servers shouldn't be passing this to libc glob. Upstream have no plans to add BSD's GLOB_LIMIT or similar. CVE SUMMARY: The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4756 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-0536 CVE STATUS: Patched CVE SUMMARY: Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0536 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-1071 CVE STATUS: Patched CVE SUMMARY: The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. 
CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1071 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-1089 CVE STATUS: Patched CVE SUMMARY: The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1089 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-1095 CVE STATUS: Patched CVE SUMMARY: locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1095 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-1658 CVE STATUS: Patched CVE SUMMARY: ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. 
NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1658 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-1659 CVE STATUS: Patched CVE SUMMARY: Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1659 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-2702 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2702 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-4609 CVE STATUS: Patched CVE SUMMARY: The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4609 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-5320 CVE STATUS: Patched CVE SUMMARY: scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.2 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-5320 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-0864 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0864 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-3404 CVE STATUS: Patched CVE SUMMARY: The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3404 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-3405 CVE STATUS: Patched CVE SUMMARY: The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3405 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-3406 CVE STATUS: Patched CVE SUMMARY: The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3406 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-3480 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3480 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-4412 CVE STATUS: Patched CVE SUMMARY: Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4412 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-4424 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. 
CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4424 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-6656 CVE STATUS: Patched CVE SUMMARY: iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6656 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-0242 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0242 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-1914 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1914 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-2207 CVE STATUS: Patched CVE SUMMARY: pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2207 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-4237 CVE STATUS: Patched CVE SUMMARY: sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4237 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-4332 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4332 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-4458 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4458 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-4788 CVE STATUS: Patched CVE SUMMARY: The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4788 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-7423 CVE STATUS: Patched CVE SUMMARY: The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7423 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-7424 CVE STATUS: Patched CVE SUMMARY: The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7424 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-0475 CVE STATUS: Patched CVE SUMMARY: Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0475 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-4043 CVE STATUS: Patched CVE SUMMARY: The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4043 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-5119 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5119 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-6040 CVE STATUS: Patched CVE SUMMARY: GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6040 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-7817 CVE STATUS: Patched CVE SUMMARY: The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7817 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-8121 CVE STATUS: Patched CVE SUMMARY: DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8121 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-9402 CVE STATUS: Patched CVE SUMMARY: The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9402 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-9761 CVE STATUS: Patched CVE SUMMARY: Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9761 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-9984 CVE STATUS: Patched CVE SUMMARY: nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9984 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-0235 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0235 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-1472 CVE STATUS: Patched CVE SUMMARY: The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1472 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-1473 CVE STATUS: Patched CVE SUMMARY: The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1473 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-1781 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1781 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-20109 CVE STATUS: Patched CVE SUMMARY: end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. 
NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-20109 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-5180 CVE STATUS: Patched CVE SUMMARY: res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5180 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-5277 CVE STATUS: Patched CVE SUMMARY: The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5277 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-7547 CVE STATUS: Patched CVE SUMMARY: Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7547 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8776 CVE STATUS: Patched CVE SUMMARY: The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8776 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8777 CVE STATUS: Patched CVE SUMMARY: The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8777 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8778 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8778 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8779 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8779 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8982 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8982 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8983 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8983 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8984 CVE STATUS: Patched CVE SUMMARY: The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8984 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8985 CVE STATUS: Patched CVE SUMMARY: The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8985 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2016-10228 CVE STATUS: Patched CVE SUMMARY: The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10228 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2016-10739 CVE STATUS: Patched CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10739 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2016-1234 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1234 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2016-3075 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. 
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3075

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2016-3706
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3706

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2016-4429
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4429

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2016-5417
CVE STATUS: Patched
CVE SUMMARY: Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5417

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2016-6323
CVE STATUS: Patched
CVE SUMMARY: The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6323

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2017-1000366
CVE STATUS: Patched
CVE SUMMARY: glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000366

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2017-1000408
CVE STATUS: Patched
CVE SUMMARY: A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000408

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2017-1000409
CVE STATUS: Patched
CVE SUMMARY: A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 7.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000409

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2017-12132
CVE STATUS: Patched
CVE SUMMARY: The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12132

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2017-12133
CVE STATUS: Patched
CVE SUMMARY: Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12133

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2017-15670
CVE STATUS: Patched
CVE SUMMARY: The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15670

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2017-15671
CVE STATUS: Patched
CVE SUMMARY: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15671

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2017-15804
CVE STATUS: Patched
CVE SUMMARY: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15804

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2017-16997
CVE STATUS: Patched
CVE SUMMARY: elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16997

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2017-17426
CVE STATUS: Patched
CVE SUMMARY: The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17426

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2017-18269
CVE STATUS: Patched
CVE SUMMARY: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18269

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2017-8804
CVE STATUS: Patched
CVE SUMMARY: The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8804

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2018-1000001
CVE STATUS: Patched
CVE SUMMARY: In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000001

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2018-11236
CVE STATUS: Patched
CVE SUMMARY: stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11236

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2018-11237
CVE STATUS: Patched
CVE SUMMARY: An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11237

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2018-19591
CVE STATUS: Patched
CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19591

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2018-20796
CVE STATUS: Patched
CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20796

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2018-6485
CVE STATUS: Patched
CVE SUMMARY: An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6485

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2018-6551
CVE STATUS: Patched
CVE SUMMARY: The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6551

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2019-1010022
CVE STATUS: Ignored
CVE DETAIL: disputed
CVE DESCRIPTION: Upstream glibc maintainers dispute there is any issue and have no plans to address it further. This is being treated as a non-security bug and no real threat.
CVE SUMMARY: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010022

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2019-1010023
CVE STATUS: Ignored
CVE DETAIL: disputed
CVE DESCRIPTION: Upstream glibc maintainers dispute there is any issue and have no plans to address it further. This is being treated as a non-security bug and no real threat.
CVE SUMMARY: GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010023

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2019-1010024
CVE STATUS: Ignored
CVE DETAIL: disputed
CVE DESCRIPTION: Upstream glibc maintainers dispute there is any issue and have no plans to address it further. This is being treated as a non-security bug and no real threat.
CVE SUMMARY: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010024

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2019-1010025
CVE STATUS: Ignored
CVE DETAIL: disputed
CVE DESCRIPTION: Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow easier access for another. 'ASLR bypass itself is not a vulnerability.'
CVE SUMMARY: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010025

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2019-19126
CVE STATUS: Patched
CVE SUMMARY: On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 3.3
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19126

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2019-25013
CVE STATUS: Patched
CVE SUMMARY: The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-25013

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2019-6488
CVE STATUS: Patched
CVE SUMMARY: The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6488

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2019-7309
CVE STATUS: Patched
CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7309

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2019-9169
CVE STATUS: Patched
CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9169

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2019-9192
CVE STATUS: Patched
CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796.
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9192

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2020-10029
CVE STATUS: Patched
CVE SUMMARY: The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10029

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2020-1751
CVE STATUS: Patched
CVE SUMMARY: An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 5.9
CVSS v3 BASE SCORE: 7.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-1751

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2020-1752
CVE STATUS: Patched
CVE SUMMARY: A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue.
A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
CVSS v2 BASE SCORE: 3.7
CVSS v3 BASE SCORE: 7.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-1752

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2020-27618
CVE STATUS: Patched
CVE SUMMARY: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27618

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2020-29562
CVE STATUS: Patched
CVE SUMMARY: The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 4.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:S/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29562

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2020-29573
CVE STATUS: Patched
CVE SUMMARY: sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf.
NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29573

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2020-6096
CVE STATUS: Patched
CVE SUMMARY: An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-6096

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2021-27645
CVE STATUS: Patched
CVE SUMMARY: The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
CVSS v2 BASE SCORE: 1.9
CVSS v3 BASE SCORE: 2.5
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27645

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2021-3326
CVE STATUS: Patched
CVE SUMMARY: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3326

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2021-33574
CVE STATUS: Patched
CVE SUMMARY: The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33574

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2021-35942
CVE STATUS: Patched
CVE SUMMARY: The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 9.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-35942

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2021-38604
CVE STATUS: Patched
CVE SUMMARY: In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38604

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2021-3998
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3998

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2021-3999
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3999

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2021-43396
CVE STATUS: Patched
CVE SUMMARY: In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug."
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43396

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2022-23218
CVE STATUS: Patched
CVE SUMMARY: The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23218

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2022-23219
CVE STATUS: Patched
CVE SUMMARY: The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23219

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2022-39046
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39046

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.39+git
CVE: CVE-2023-0687
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment.
The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 9.8 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:H/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0687 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-25139 CVE STATUS: Patched CVE SUMMARY: sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25139 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-4527 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4527 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-4806 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glibc. 
In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4806 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-4813 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4813 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-4911 CVE STATUS: Patched CVE SUMMARY: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4911 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-5156 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5156 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-6246 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6246 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-6779 CVE STATUS: Patched CVE SUMMARY: An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6779 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-6780 CVE STATUS: Patched CVE SUMMARY: An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6780 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2024-2961 CVE STATUS: Patched CVE DETAIL: cpe-stable-backport CVE DESCRIPTION: fix available in used git hash CVE SUMMARY: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-2961 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2024-33599 CVE STATUS: Patched CVE DETAIL: cpe-stable-backport CVE DESCRIPTION: fix available in used git hash CVE SUMMARY: nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. 
This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 0.0 VECTOR: UNKNOWN VECTORSTRING: UNKNOWN MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33599 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2024-33600 CVE STATUS: Patched CVE DETAIL: cpe-stable-backport CVE DESCRIPTION: fix available in used git hash CVE SUMMARY: nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 0.0 VECTOR: UNKNOWN VECTORSTRING: UNKNOWN MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33600 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2024-33601 CVE STATUS: Patched CVE DETAIL: cpe-stable-backport CVE DESCRIPTION: fix available in used git hash CVE SUMMARY: nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33601 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2024-33602 CVE STATUS: Patched CVE DETAIL: cpe-stable-backport CVE DESCRIPTION: fix available in used git hash CVE SUMMARY: nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33602 LAYER: meta PACKAGE NAME: e2fsprogs PACKAGE VERSION: 1.47.0 CVE: CVE-2007-5497 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5497 LAYER: meta PACKAGE NAME: e2fsprogs PACKAGE VERSION: 1.47.0 CVE: CVE-2015-0247 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0247 LAYER: meta PACKAGE NAME: e2fsprogs PACKAGE VERSION: 1.47.0 CVE: CVE-2015-1572 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1572 LAYER: meta PACKAGE NAME: e2fsprogs PACKAGE VERSION: 1.47.0 CVE: CVE-2019-5094 CVE STATUS: Patched CVE SUMMARY: An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5094 LAYER: meta PACKAGE NAME: e2fsprogs PACKAGE VERSION: 1.47.0 CVE: CVE-2019-5188 CVE STATUS: Patched CVE SUMMARY: A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. 
CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5188 LAYER: meta PACKAGE NAME: e2fsprogs PACKAGE VERSION: 1.47.0 CVE: CVE-2022-1304 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1304 LAYER: meta PACKAGE NAME: bison PACKAGE VERSION: 3.8.2 CVE: CVE-2020-14150 CVE STATUS: Patched CVE SUMMARY: GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14150 LAYER: meta PACKAGE NAME: bison PACKAGE VERSION: 3.8.2 CVE: CVE-2020-24240 CVE STATUS: Patched CVE SUMMARY: GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. 
CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24240 LAYER: meta PACKAGE NAME: libxxf86vm PACKAGE VERSION: 1_1.1.5 CVE: CVE-2013-2001 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2001 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2005-0664 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0664 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2006-4168 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4168 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2007-2645 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2645 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2007-6351 CVE STATUS: Patched CVE SUMMARY: libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6351 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2007-6352 CVE STATUS: Patched CVE SUMMARY: Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6352 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2009-3895 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the exif_entry_fix function (aka the tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid EXIF image. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3895 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2812 CVE STATUS: Patched CVE SUMMARY: The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2812 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2813 CVE STATUS: Patched CVE SUMMARY: The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. 
CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2813 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2814 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2814 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2836 CVE STATUS: Patched CVE SUMMARY: The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2836 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2837 CVE STATUS: Patched CVE SUMMARY: The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2837 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2840 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2840 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2012-2841 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2841 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2016-6328 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data). 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6328 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2017-7544 CVE STATUS: Patched CVE SUMMARY: libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7544 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2018-20030 CVE STATUS: Patched CVE SUMMARY: An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20030 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-0093 CVE STATUS: Patched CVE SUMMARY: In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0093 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-0181 CVE STATUS: Patched CVE SUMMARY: In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076 CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0181 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-0198 CVE STATUS: Patched CVE SUMMARY: In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0198 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-12767 CVE STATUS: Patched CVE SUMMARY: exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12767 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-13112 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13112 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-13113 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 8.2 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13113 LAYER: meta PACKAGE NAME: libexif PACKAGE VERSION: 0.6.24 CVE: CVE-2020-13114 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13114 LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2006-5876 CVE STATUS: Patched CVE SUMMARY: The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5876 LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2009-0585 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0585 LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2011-2524 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2524 LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2012-2132 CVE STATUS: Patched CVE SUMMARY: libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2132 LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2017-2885 CVE STATUS: Patched CVE SUMMARY: An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. 
An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2885

LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2018-11713 CVE STATUS: Patched CVE SUMMARY: WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11713

LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2018-12910 CVE STATUS: Patched CVE SUMMARY: The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12910

LAYER: meta PACKAGE NAME: libsoup-2.4 PACKAGE VERSION: 2.74.3 CVE: CVE-2019-17266 CVE STATUS: Patched CVE SUMMARY: libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17266

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-1999-1024 CVE STATUS: Patched CVE SUMMARY: ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1024

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2000-0333 CVE STATUS: Patched CVE SUMMARY: tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0333

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2000-1026 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1026

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2001-1279 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1279

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2002-0380 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0380

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2002-1350 CVE STATUS: Patched CVE SUMMARY: The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1350

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2003-0093 CVE STATUS: Patched CVE SUMMARY: The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0093

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2003-0108 CVE STATUS: Patched CVE SUMMARY: isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0108

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2003-0145 CVE STATUS: Patched CVE SUMMARY: Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0145

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2003-0194 CVE STATUS: Patched CVE SUMMARY: tcpdump does not properly drop privileges to the pcap user when starting up. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0194

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2003-0989 CVE STATUS: Patched CVE SUMMARY: tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0989

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2003-1029 CVE STATUS: Patched CVE SUMMARY: The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-1029

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2004-0055 CVE STATUS: Patched CVE SUMMARY: The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0055

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2004-0057 CVE STATUS: Patched CVE SUMMARY: The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0057

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2004-0183 CVE STATUS: Patched CVE SUMMARY: TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0183

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2004-0184 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0184

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2005-1267 CVE STATUS: Patched CVE SUMMARY: The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1267

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2005-1278 CVE STATUS: Patched CVE SUMMARY: The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1278

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2005-1279 CVE STATUS: Patched CVE SUMMARY: tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1279

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2005-1280 CVE STATUS: Patched CVE SUMMARY: The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1280

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2007-1218 CVE STATUS: Patched CVE SUMMARY: Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1218

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2007-3798 CVE STATUS: Patched CVE SUMMARY: Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3798

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2014-8767 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8767

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2014-8768 CVE STATUS: Patched CVE SUMMARY: Multiple integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8768

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2014-8769 CVE STATUS: Patched CVE SUMMARY: tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8769

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2014-9140 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PPP packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9140

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2015-0261 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0261

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2015-2153 CVE STATUS: Patched CVE SUMMARY: The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2153

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2015-2154 CVE STATUS: Patched CVE SUMMARY: The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2154

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2015-2155 CVE STATUS: Patched CVE SUMMARY: The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2155

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2015-3138 CVE STATUS: Patched CVE SUMMARY: print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3138

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7922 CVE STATUS: Patched CVE SUMMARY: The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7922

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7923 CVE STATUS: Patched CVE SUMMARY: The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7923

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7924 CVE STATUS: Patched CVE SUMMARY: The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7924

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7925 CVE STATUS: Patched CVE SUMMARY: The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7925

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7926 CVE STATUS: Patched CVE SUMMARY: The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7926

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7927 CVE STATUS: Patched CVE SUMMARY: The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7927

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7928 CVE STATUS: Patched CVE SUMMARY: The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7928

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7929 CVE STATUS: Patched CVE SUMMARY: The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7929

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7930 CVE STATUS: Patched CVE SUMMARY: The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7930

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7931 CVE STATUS: Patched CVE SUMMARY: The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7931

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7932 CVE STATUS: Patched CVE SUMMARY: The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7932

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7933 CVE STATUS: Patched CVE SUMMARY: The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7933

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7934 CVE STATUS: Patched CVE SUMMARY: The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7934

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7935 CVE STATUS: Patched CVE SUMMARY: The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7935

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7936 CVE STATUS: Patched CVE SUMMARY: The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7936

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7937 CVE STATUS: Patched CVE SUMMARY: The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7937

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7938 CVE STATUS: Patched CVE SUMMARY: The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7938

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7939 CVE STATUS: Patched CVE SUMMARY: The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7939

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7940 CVE STATUS: Patched CVE SUMMARY: The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7940

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7973 CVE STATUS: Patched CVE SUMMARY: The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7973

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7974 CVE STATUS: Patched CVE SUMMARY: The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7974

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7975 CVE STATUS: Patched CVE SUMMARY: The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7975

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7983 CVE STATUS: Patched CVE SUMMARY: The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7983

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7984 CVE STATUS: Patched CVE SUMMARY: The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7984

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7985 CVE STATUS: Patched CVE SUMMARY: The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7985

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7986 CVE STATUS: Patched CVE SUMMARY: The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7986

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7992 CVE STATUS: Patched CVE SUMMARY: The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7992

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7993 CVE STATUS: Patched CVE SUMMARY: A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7993

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-8574 CVE STATUS: Patched CVE SUMMARY: The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8574

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-8575 CVE STATUS: Patched CVE SUMMARY: The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8575

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-11108 CVE STATUS: Patched CVE SUMMARY: tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11108

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-11541 CVE STATUS: Patched CVE SUMMARY: tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11541

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-11542 CVE STATUS: Patched CVE SUMMARY: tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11542

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-11543 CVE STATUS: Patched CVE SUMMARY: tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11543

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12893 CVE STATUS: Patched CVE SUMMARY: The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12893

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12894 CVE STATUS: Patched CVE SUMMARY: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12894

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12895 CVE STATUS: Patched CVE SUMMARY: The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12895

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12896 CVE STATUS: Patched CVE SUMMARY: The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12896

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12897 CVE STATUS: Patched CVE SUMMARY: The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12897

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12898 CVE STATUS: Patched CVE SUMMARY: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12898

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12899 CVE STATUS: Patched CVE SUMMARY: The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12899

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12900 CVE STATUS: Patched CVE SUMMARY: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12900

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12901 CVE STATUS: Patched CVE SUMMARY: The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12901

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12902 CVE STATUS: Patched CVE SUMMARY: The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12902

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12985 CVE STATUS: Patched CVE SUMMARY: The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12985

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12986 CVE STATUS: Patched CVE SUMMARY: The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12986

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12987 CVE STATUS: Patched CVE SUMMARY: The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12987

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12988 CVE STATUS: Patched CVE SUMMARY: The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12988

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12989 CVE STATUS: Patched CVE SUMMARY: The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12989

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12990 CVE STATUS: Patched CVE SUMMARY: The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12990

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12991 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12991

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12992 CVE STATUS: Patched CVE SUMMARY: The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12992

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12993 CVE STATUS: Patched CVE SUMMARY: The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12993

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12994 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12994

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12995 CVE STATUS: Patched CVE SUMMARY: The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12995

LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12996 CVE STATUS: Patched CVE SUMMARY: The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12996 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12997 CVE STATUS: Patched CVE SUMMARY: The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12997 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12998 CVE STATUS: Patched CVE SUMMARY: The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12998 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12999 CVE STATUS: Patched CVE SUMMARY: The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12999 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13000 CVE STATUS: Patched CVE SUMMARY: The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13000 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13001 CVE STATUS: Patched CVE SUMMARY: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13001 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13002 CVE STATUS: Patched CVE SUMMARY: The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13002 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13003 CVE STATUS: Patched CVE SUMMARY: The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13003 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13004 CVE STATUS: Patched CVE SUMMARY: The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13004 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13005 CVE STATUS: Patched CVE SUMMARY: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13005 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13006 CVE STATUS: Patched CVE SUMMARY: The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13006 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13007 CVE STATUS: Patched CVE SUMMARY: The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13007 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13008 CVE STATUS: Patched CVE SUMMARY: The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13008 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13009 CVE STATUS: Patched CVE SUMMARY: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13009 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13010 CVE STATUS: Patched CVE SUMMARY: The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13010 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13011 CVE STATUS: Patched CVE SUMMARY: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13011 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13012 CVE STATUS: Patched CVE SUMMARY: The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13012 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13013 CVE STATUS: Patched CVE SUMMARY: The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13013 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13014 CVE STATUS: Patched CVE SUMMARY: The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13014 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13015 CVE STATUS: Patched CVE SUMMARY: The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13015 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13016 CVE STATUS: Patched CVE SUMMARY: The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13016 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13017 CVE STATUS: Patched CVE SUMMARY: The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13017 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13018 CVE STATUS: Patched CVE SUMMARY: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13018 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13019 CVE STATUS: Patched CVE SUMMARY: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13019 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13020 CVE STATUS: Patched CVE SUMMARY: The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13020 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13021 CVE STATUS: Patched CVE SUMMARY: The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13021 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13022 CVE STATUS: Patched CVE SUMMARY: The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13022 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13023 CVE STATUS: Patched CVE SUMMARY: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13023 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13024 CVE STATUS: Patched CVE SUMMARY: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13024 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13025 CVE STATUS: Patched CVE SUMMARY: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13025 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13026 CVE STATUS: Patched CVE SUMMARY: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13026 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13027 CVE STATUS: Patched CVE SUMMARY: The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13027 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13028 CVE STATUS: Patched CVE SUMMARY: The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13028 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13029 CVE STATUS: Patched CVE SUMMARY: The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13029 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13030 CVE STATUS: Patched CVE SUMMARY: The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13030 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13031 CVE STATUS: Patched CVE SUMMARY: The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13031 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13032 CVE STATUS: Patched CVE SUMMARY: The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13032 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13033 CVE STATUS: Patched CVE SUMMARY: The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13033 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13034 CVE STATUS: Patched CVE SUMMARY: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13034 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13035 CVE STATUS: Patched CVE SUMMARY: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13035 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13036 CVE STATUS: Patched CVE SUMMARY: The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13036 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13037 CVE STATUS: Patched CVE SUMMARY: The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13037 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13038 CVE STATUS: Patched CVE SUMMARY: The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13038 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13039 CVE STATUS: Patched CVE SUMMARY: The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13039 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13040 CVE STATUS: Patched CVE SUMMARY: The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13040 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13041 CVE STATUS: Patched CVE SUMMARY: The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13041 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13042 CVE STATUS: Patched CVE SUMMARY: The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13042 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13043 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13043 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13044 CVE STATUS: Patched CVE SUMMARY: The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13044 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13045 CVE STATUS: Patched CVE SUMMARY: The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13045 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13046 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13046 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13047 CVE STATUS: Patched CVE SUMMARY: The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13047 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13048 CVE STATUS: Patched CVE SUMMARY: The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13048 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13049 CVE STATUS: Patched CVE SUMMARY: The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13049 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13050 CVE STATUS: Patched CVE SUMMARY: The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13050 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13051 CVE STATUS: Patched CVE SUMMARY: The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13051 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13052 CVE STATUS: Patched CVE SUMMARY: The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13052 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13053 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13053 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13054 CVE STATUS: Patched CVE SUMMARY: The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13054 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13055 CVE STATUS: Patched CVE SUMMARY: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13055 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13687 CVE STATUS: Patched CVE SUMMARY: The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13687 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13688 CVE STATUS: Patched CVE SUMMARY: The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13688 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13689 CVE STATUS: Patched CVE SUMMARY: The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13689 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13690 CVE STATUS: Patched CVE SUMMARY: The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13690 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13725 CVE STATUS: Patched CVE SUMMARY: The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13725 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-16808 CVE STATUS: Patched CVE SUMMARY: tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16808 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5202 CVE STATUS: Patched CVE SUMMARY: The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5202 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5203 CVE STATUS: Patched CVE SUMMARY: The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5203 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5204 CVE STATUS: Patched CVE SUMMARY: The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5204 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5205 CVE STATUS: Patched CVE SUMMARY: The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5205 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5341 CVE STATUS: Patched CVE SUMMARY: The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5341 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5342 CVE STATUS: Patched CVE SUMMARY: In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5342 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5482 CVE STATUS: Patched CVE SUMMARY: The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5482 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5483 CVE STATUS: Patched CVE SUMMARY: The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5483 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5484 CVE STATUS: Patched CVE SUMMARY: The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5484 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5485 CVE STATUS: Patched CVE SUMMARY: The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5485 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5486 CVE STATUS: Patched CVE SUMMARY: The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5486 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-10103 CVE STATUS: Patched CVE SUMMARY: tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10103 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-10105 CVE STATUS: Patched CVE SUMMARY: tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10105 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14461 CVE STATUS: Patched CVE SUMMARY: The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14461 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14462 CVE STATUS: Patched CVE SUMMARY: The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14462 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14463 CVE STATUS: Patched CVE SUMMARY: The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14463 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14464 CVE STATUS: Patched CVE SUMMARY: The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14464 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14465 CVE STATUS: Patched CVE SUMMARY: The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14465 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14466 CVE STATUS: Patched CVE SUMMARY: The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14466 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14467 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14467 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14468 CVE STATUS: Patched CVE SUMMARY: The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14468 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14469 CVE STATUS: Patched CVE SUMMARY: The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14469 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14470 CVE STATUS: Patched CVE SUMMARY: The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14470 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14879 CVE STATUS: Patched CVE SUMMARY: The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14879 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14880 CVE STATUS: Patched CVE SUMMARY: The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14880 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14881 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14881 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14882 CVE STATUS: Patched CVE SUMMARY: The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14882 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-16227 CVE STATUS: Patched CVE SUMMARY: The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16227 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-16228 CVE STATUS: Patched CVE SUMMARY: The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16228 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-16229 CVE STATUS: Patched CVE SUMMARY: The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16229 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-16230 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16230 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-16300 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16300 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-16301 CVE STATUS: Patched CVE SUMMARY: The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16301 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-16451 CVE STATUS: Patched CVE SUMMARY: The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16451 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-16452 CVE STATUS: Patched CVE SUMMARY: The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16452 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-19519 CVE STATUS: Patched CVE SUMMARY: In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19519 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2019-1010220 CVE STATUS: Patched CVE SUMMARY: tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010220 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2019-15166 CVE STATUS: Patched CVE SUMMARY: lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15166 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2019-15167 CVE STATUS: Patched CVE SUMMARY: The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15167 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2020-8036 CVE STATUS: Patched CVE SUMMARY: The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8036 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2020-8037 CVE STATUS: Patched CVE SUMMARY: The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8037 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2023-1801 CVE STATUS: Patched CVE SUMMARY: The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1801 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2024-2397 CVE STATUS: Patched CVE SUMMARY: Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-2397 LAYER: meta PACKAGE NAME: orc PACKAGE VERSION: 0.4.39 CVE: CVE-2018-8015 CVE STATUS: Patched CVE SUMMARY: In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8015 LAYER: meta PACKAGE NAME: orc PACKAGE VERSION: 0.4.39 CVE: CVE-2024-40897 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-40897 LAYER: meta-oe PACKAGE NAME: protobuf PACKAGE VERSION: 4.25.3 CVE: CVE-2015-5237 CVE STATUS: Patched CVE SUMMARY: protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5237 LAYER: meta-oe PACKAGE NAME: protobuf PACKAGE VERSION: 4.25.3 CVE: CVE-2021-22570 CVE STATUS: Patched CVE SUMMARY: Nullptr dereference when a null char is present in a proto symbol. 
The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22570 LAYER: meta-oe PACKAGE NAME: protobuf PACKAGE VERSION: 4.25.3 CVE: CVE-2021-3121 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3121 LAYER: meta-oe PACKAGE NAME: protobuf PACKAGE VERSION: 4.25.3 CVE: CVE-2023-24535 CVE STATUS: Patched CVE SUMMARY: Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24535 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2007-4619 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4619 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2007-6277 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6277 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2007-6278 CVE STATUS: Patched CVE SUMMARY: Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6278 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2007-6279 CVE STATUS: Patched CVE SUMMARY: Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6279 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2014-8962 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8962 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2014-9028 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9028 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2017-6888 CVE STATUS: Patched CVE SUMMARY: An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6888 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2020-22219 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22219 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2003-0252 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0252 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2004-0154 CVE STATUS: Patched CVE SUMMARY: rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0154 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2004-0946 CVE STATUS: Patched CVE SUMMARY: rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0946 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2004-1014 CVE STATUS: Patched CVE SUMMARY: statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1014 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2008-4552 CVE STATUS: Patched CVE SUMMARY: The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4552 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2009-0180 CVE STATUS: Patched CVE SUMMARY: Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0180 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2011-1749 CVE STATUS: Patched CVE SUMMARY: The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nfs tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1749 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2011-2500 CVE STATUS: Patched CVE SUMMARY: The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2500 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2013-1923 CVE STATUS: Patched CVE SUMMARY: rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks. 
CVSS v2 BASE SCORE: 3.2 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1923 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2019-3689 CVE STATUS: Patched CVE SUMMARY: In the nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3689 LAYER: meta PACKAGE NAME: libtool PACKAGE VERSION: 2.4.7 CVE: CVE-2004-0256 CVE STATUS: Patched CVE SUMMARY: GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0256 LAYER: meta PACKAGE NAME: libtool PACKAGE VERSION: 2.4.7 CVE: CVE-2009-3736 CVE STATUS: Patched CVE SUMMARY: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. 
CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3736 LAYER: meta PACKAGE NAME: libxres PACKAGE VERSION: 1_1.2.2 CVE: CVE-2013-1988 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1988 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2019-14378 CVE STATUS: Patched CVE SUMMARY: ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14378 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2019-15890 CVE STATUS: Patched CVE SUMMARY: libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15890 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-10756 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10756 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-1983 CVE STATUS: Patched CVE SUMMARY: A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-1983 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-29129 CVE STATUS: Patched CVE SUMMARY: ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29129 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-29130 CVE STATUS: Patched CVE SUMMARY: slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29130 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-7039 CVE STATUS: Patched CVE SUMMARY: tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potentially arbitrary code execution. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7039 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-7211 CVE STATUS: Patched CVE SUMMARY: tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7211 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2020-8608 CVE STATUS: Patched CVE SUMMARY: In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8608 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2021-3592 CVE STATUS: Patched CVE SUMMARY: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3592 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2021-3593 CVE STATUS: Patched CVE SUMMARY: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. 
The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3593 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2021-3594 CVE STATUS: Patched CVE SUMMARY: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3594 LAYER: meta PACKAGE NAME: libslirp PACKAGE VERSION: 4.7.0 CVE: CVE-2021-3595 CVE STATUS: Patched CVE SUMMARY: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3595 LAYER: meta PACKAGE NAME: libxdmcp PACKAGE VERSION: 1_1.1.4 CVE: CVE-2017-2625 CVE STATUS: Patched CVE SUMMARY: It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2625 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2003-0102 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize). CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0102 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2004-1304 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1304 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2007-1536 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1536 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2007-2026 CVE STATUS: Patched CVE SUMMARY: The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2026 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2007-2799 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2799 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2009-1515 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1515 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2009-3930 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3930 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2012-1571 CVE STATUS: Patched CVE SUMMARY: file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1571 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2013-7345 CVE STATUS: Patched CVE SUMMARY: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7345 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-0207 CVE STATUS: Patched CVE SUMMARY: The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0207 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-2270 CVE STATUS: Patched CVE SUMMARY: softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2270 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3478 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3478 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3479 CVE STATUS: Patched CVE SUMMARY: The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3479 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3480 CVE STATUS: Patched CVE SUMMARY: The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3480 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3487 CVE STATUS: Patched CVE SUMMARY: The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3487 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3538 CVE STATUS: Patched CVE SUMMARY: file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3538 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3587 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3587 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-8116 CVE STATUS: Patched CVE SUMMARY: The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8116 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-8117 CVE STATUS: Patched CVE SUMMARY: softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8117 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-9620 CVE STATUS: Patched CVE SUMMARY: The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9620 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-9621 CVE STATUS: Patched CVE SUMMARY: The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9621 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-9652 CVE STATUS: Patched CVE SUMMARY: The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9652 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-9653 CVE STATUS: Patched CVE SUMMARY: readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9653 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2017-1000249 CVE STATUS: Patched CVE SUMMARY: An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000249 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2018-10360 CVE STATUS: Patched CVE SUMMARY: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10360 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-18218 CVE STATUS: Patched CVE SUMMARY: cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18218 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-8904 CVE STATUS: Patched CVE SUMMARY: do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8904 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-8905 CVE STATUS: Patched CVE SUMMARY: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 4.4 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8905 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-8906 CVE STATUS: Patched CVE SUMMARY: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. 
CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 4.4 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8906 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-8907 CVE STATUS: Patched CVE SUMMARY: do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8907 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2022-48554 CVE STATUS: Patched CVE SUMMARY: File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48554 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2006-5876 CVE STATUS: Patched CVE SUMMARY: The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5876 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2009-0585 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0585 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2011-2524 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2524 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2012-2132 CVE STATUS: Patched CVE SUMMARY: libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2132 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2017-2885 CVE STATUS: Patched CVE SUMMARY: An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2885 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2018-11713 CVE STATUS: Patched CVE SUMMARY: WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11713 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2018-12910 CVE STATUS: Patched CVE SUMMARY: The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12910 LAYER: meta PACKAGE NAME: libsoup PACKAGE VERSION: 3.4.4 CVE: CVE-2019-17266 CVE STATUS: Patched CVE SUMMARY: libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17266 LAYER: meta PACKAGE NAME: alsa-lib PACKAGE VERSION: 1.2.11 CVE: CVE-2005-0087 CVE STATUS: Patched CVE SUMMARY: The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0087 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0691 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0691 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0692 CVE STATUS: Patched CVE SUMMARY: The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0692 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0693 CVE STATUS: Patched CVE SUMMARY: The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0693 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2005-0627 CVE STATUS: Patched CVE SUMMARY: Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0627 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2006-4811 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4811 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-0242 CVE STATUS: Patched CVE SUMMARY: The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0242 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-3388 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3388 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-4137 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4137 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2009-2700 CVE STATUS: Patched CVE SUMMARY: src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2700 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-1766 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1766 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-2621 CVE STATUS: Patched CVE SUMMARY: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2621 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-5076 CVE STATUS: Patched CVE SUMMARY: QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5076 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3193 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3194 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. 
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3194

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2012-5624
CVE STATUS: Patched
CVE SUMMARY: The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5624

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2012-6093
CVE STATUS: Patched
CVE SUMMARY: The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of OpenSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6093

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2013-0254
CVE STATUS: Patched
CVE SUMMARY: The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0254

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2013-4549
CVE STATUS: Patched
CVE SUMMARY: QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4549

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2014-0190
CVE STATUS: Patched
CVE SUMMARY: The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0190

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-0295
CVE STATUS: Patched
CVE SUMMARY: The BMP decoder in QtGui in Qt before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0295

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-1290
CVE STATUS: Patched
CVE SUMMARY: The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1290

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-1858
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1858

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-1859
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1859

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-1860
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1860

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-7298
CVE STATUS: Patched
CVE SUMMARY: ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7298

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-9541
CVE STATUS: Patched
CVE SUMMARY: Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9541

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2017-10904
CVE STATUS: Patched
CVE SUMMARY: Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10904

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2017-10905
CVE STATUS: Patched
CVE SUMMARY: A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10905

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2017-15011
CVE STATUS: Patched
CVE SUMMARY: The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15011

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-15518
CVE STATUS: Patched
CVE SUMMARY: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15518

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19865
CVE STATUS: Patched
CVE SUMMARY: A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19865

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19869
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19869

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19870
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19870

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19871
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt before 5.11.3. QTgaFile has uncontrolled resource consumption.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19871

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19872
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19872

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19873
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19873

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-21035
CVE STATUS: Patched
CVE SUMMARY: In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 8.6
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-21035

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-0569
CVE STATUS: Patched
CVE SUMMARY: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
CVSS v2 BASE SCORE: 2.7
CVSS v3 BASE SCORE: 5.7
VECTOR: ADJACENT_NETWORK
VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0569

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-0570
CVE STATUS: Patched
CVE SUMMARY: Uncontrolled search path in the Qt library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 7.3
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0570

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-12267
CVE STATUS: Patched
CVE SUMMARY: setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12267

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-13962
CVE STATUS: Patched
CVE SUMMARY: Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13962

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-17507
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17507

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-24742
CVE STATUS: Patched
CVE SUMMARY: An issue, fixed in Qt 5.14.0, where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
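The search-path entries for this package (CVE-2020-0570 and CVE-2020-24742 above, and CVE-2022-25255 and CVE-2022-25634 further down) share one root cause: a lookup that ends up consulting the current working directory, either through an empty or relative PATH element or through a bare-name fallback once PATH is exhausted. The C++ below is an added illustration of that class, not Qt code. `resolveUnsafe`, `resolveSafe` and `fakeExec` are hypothetical names, and `kFakeFiles` is a constructed file list so the block runs without a real filesystem (in production the predicate would be `access(path, X_OK)` on a regular file).

```cpp
#include <cstdio>
#include <functional>
#include <optional>
#include <set>
#include <string>
#include <string_view>
#include <vector>

constexpr auto npos = std::string_view::npos;

// Predicate injected so the lookup can be exercised without a real filesystem.
// In production: access(path, X_OK) == 0 and the path is a regular file.
using IsExecutable = std::function<bool(const std::string&)>;

// Split PATH on ':'. An empty element is preserved deliberately: POSIX gives
// it a meaning (the current working directory), which is exactly the problem.
static std::vector<std::string> splitPath(std::string_view path) {
    std::vector<std::string> out;
    size_t start = 0;
    for (;;) {
        size_t colon = path.find(':', start);
        out.emplace_back(path.substr(start, colon == npos ? npos : colon - start));
        if (colon == npos) return out;
        start = colon + 1;
    }
}

// The CVE-2022-25255 / CVE-2020-0570 shape: empty and relative PATH entries
// are honoured as given, and when PATH is exhausted the bare name is tried,
// which the OS resolves against the working directory.
std::optional<std::string> resolveUnsafe(std::string_view program, std::string_view path,
                                         const IsExecutable& exec) {
    for (const auto& dir : splitPath(path)) {
        std::string candidate = (dir.empty() ? std::string(".") : dir) + "/" + std::string(program);
        if (exec(candidate)) return candidate;
    }
    std::string bare(program);
    if (exec(bare)) return bare;                 // CWD fallback
    return std::nullopt;
}

// Hardened: a program name containing '/' must be absolute; only absolute
// PATH entries are searched; empty and relative entries are skipped; there is
// no fallback to the working directory.
std::optional<std::string> resolveSafe(std::string_view program, std::string_view path,
                                       const IsExecutable& exec) {
    if (program.empty()) return std::nullopt;
    if (program.find('/') != npos) {
        std::string p(program);
        if (program.front() == '/' && exec(p)) return p;
        return std::nullopt;
    }
    for (const auto& dir : splitPath(path)) {
        if (dir.empty() || dir.front() != '/') continue;   // CWD or relative: skip
        std::string candidate = dir + "/" + std::string(program);
        if (exec(candidate)) return candidate;
    }
    return std::nullopt;
}

// Constructed fake filesystem (not a real listing): two system binaries plus
// attacker-controlled files in the working directory and a relative "bin".
static const std::set<std::string> kFakeFiles = {"/usr/bin/ls", "/usr/bin/git", "./git", "bin/ls"};
bool fakeExec(const std::string& p) { return kFakeFiles.count(p) != 0; }

int main() {
    auto bad = resolveUnsafe("git", "/opt/tools:", fakeExec);   // trailing ':' = CWD
    auto good = resolveSafe("git", "/opt/tools:", fakeExec);
    std::printf("unsafe: %s\nsafe: %s\n", bad ? bad->c_str() : "(not found)",
                good ? good->c_str() : "(not found)");
    return 0;
}
```

The trailing colon in `/opt/tools:` is the usual way an empty PATH element sneaks in; the hardened resolver also refuses `bin:/usr/bin` style relative entries and any program argument such as `../git` that is not an absolute path.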
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24742

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2021-28025
CVE STATUS: Patched
CVE SUMMARY: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28025

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2021-3481
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.1
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3481

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2021-38593
CVE STATUS: Patched
CVE SUMMARY: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38593

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2022-25255
CVE STATUS: Patched
CVE SUMMARY: In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25255

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2022-25634
CVE STATUS: Patched
CVE SUMMARY: Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25634

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2022-40983
CVE STATUS: Patched
CVE SUMMARY: An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40983

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2022-43591
CVE STATUS: Patched
CVE SUMMARY: A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43591

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-24607
CVE STATUS: Patched
CVE SUMMARY: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24607

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-32573
CVE STATUS: Unpatched
CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32573

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-32762
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
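The HSTS entry above (CVE-2023-32762) is an instance of a general rule: HTTP field names are case-insensitive (RFC 9110 section 5.1), so a client that looks for `Strict-Transport-Security` by exact byte comparison silently loses the policy when the server sends `strict-transport-security`. The C++ below is an added example and not Qt Network code; `parseHeaders`, `findHsts`, `findHstsExactMatch` and the response text in `kSampleResponse` are illustrative names and constructed data. It shows the exact-match lookup failing next to a case-folded one, and parses the `max-age` and `includeSubDomains` directives, whose names are also case-insensitive under RFC 6797.

```cpp
#include <cstdint>
#include <cstdio>
#include <optional>
#include <string>
#include <string_view>
#include <vector>

constexpr auto npos = std::string_view::npos;

struct Header { std::string name; std::string value; };

struct HstsPolicy {
    uint64_t max_age = 0;            // seconds
    bool include_subdomains = false;
};

static std::string_view trim(std::string_view s) {
    while (!s.empty() && (s.front() == ' ' || s.front() == '\t')) s.remove_prefix(1);
    while (!s.empty() && (s.back() == ' ' || s.back() == '\t' || s.back() == '\r')) s.remove_suffix(1);
    return s;
}

// ASCII case-insensitive equality, the comparison RFC 9110 requires for field
// names. Folded by hand because tolower() depends on the process locale.
static bool iequals(std::string_view a, std::string_view b) {
    if (a.size() != b.size()) return false;
    for (size_t i = 0; i < a.size(); ++i) {
        char x = a[i], y = b[i];
        if (x >= 'A' && x <= 'Z') x = char(x - 'A' + 'a');
        if (y >= 'A' && y <= 'Z') y = char(y - 'A' + 'a');
        if (x != y) return false;
    }
    return true;
}

// Split a raw response (status line first) into fields, stopping at the blank
// line. Names are kept exactly as the server sent them.
std::vector<Header> parseHeaders(std::string_view raw) {
    std::vector<Header> out;
    size_t pos = raw.find('\n');
    pos = (pos == npos) ? raw.size() : pos + 1;
    while (pos < raw.size()) {
        size_t eol = raw.find('\n', pos);
        std::string_view line = (eol == npos) ? raw.substr(pos) : raw.substr(pos, eol - pos);
        pos = (eol == npos) ? raw.size() : eol + 1;
        line = trim(line);
        if (line.empty()) break;
        size_t colon = line.find(':');
        if (colon == npos) continue;           // malformed field line: skip it
        out.push_back({std::string(trim(line.substr(0, colon))),
                       std::string(trim(line.substr(colon + 1)))});
    }
    return out;
}

// Parse "max-age=31536000; includeSubDomains". max-age is mandatory and must be
// a plain decimal; anything else yields "no policy" rather than a guess.
std::optional<HstsPolicy> parseHstsValue(std::string_view value) {
    HstsPolicy p;
    bool have_max_age = false;
    while (!value.empty()) {
        size_t semi = value.find(';');
        std::string_view directive = trim(value.substr(0, semi));
        value = (semi == npos) ? std::string_view{} : value.substr(semi + 1);
        size_t eq = directive.find('=');
        std::string_view name = trim(directive.substr(0, eq));
        if (iequals(name, "max-age") && eq != npos) {
            std::string_view num = trim(directive.substr(eq + 1));
            if (num.size() >= 2 && num.front() == '"' && num.back() == '"') num = num.substr(1, num.size() - 2);
            if (num.empty()) return std::nullopt;
            uint64_t v = 0;
            for (char c : num) {
                if (c < '0' || c > '9' || v > (UINT64_MAX - 9) / 10) return std::nullopt;
                v = v * 10 + uint64_t(c - '0');
            }
            p.max_age = v;
            have_max_age = true;
        } else if (iequals(name, "includeSubDomains")) {
            p.include_subdomains = true;
        }
    }
    if (!have_max_age) return std::nullopt;
    return p;
}

// The CVE-2023-32762 pattern: byte-exact name comparison, so only the canonical
// spelling is ever recognised.
std::optional<HstsPolicy> findHstsExactMatch(const std::vector<Header>& hs) {
    for (const auto& h : hs)
        if (h.name == "Strict-Transport-Security") return parseHstsValue(h.value);
    return std::nullopt;
}

// Correct lookup: fold case before comparing. Only the first STS field is
// honoured, as RFC 6797 section 8.1 requires.
std::optional<HstsPolicy> findHsts(const std::vector<Header>& hs) {
    for (const auto& h : hs)
        if (iequals(h.name, "Strict-Transport-Security")) return parseHstsValue(h.value);
    return std::nullopt;
}

// Constructed sample response (not a real capture): lower-case field name.
const char* const kSampleResponse =
    "HTTP/1.1 200 OK\r\n"
    "content-type: text/html\r\n"
    "strict-transport-security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
    "<html></html>";

int main() {
    auto hs = parseHeaders(kSampleResponse);
    std::printf("exact match sees HSTS: %s\n", findHstsExactMatch(hs) ? "yes" : "no");
    std::printf("case-folded match sees HSTS: %s\n", findHsts(hs) ? "yes" : "no");
    return 0;
}
```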
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32762

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-32763
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32763

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-33285
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33285

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PAC Kage VERSION: 5.15.13+git
CVE: CVE-2023-34410
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34410

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-37369
CVE STATUS: Unpatched
CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37369

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-38197
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38197

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-43114
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont or QFontDatabase::addApplicationFontFromData, then it can cause the application to crash because of missing length checks.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43114

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-51714
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51714

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2024-39936
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-39936

LAYER: meta
PACKAGE NAME: sysstat
PACKAGE VERSION: 12.7.5
CVE: CVE-2004-0107
CVE STATUS: Patched
CVE SUMMARY: The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0107

LAYER: meta
PACKAGE NAME: sysstat
PACKAGE VERSION: 12.7.5
CVE: CVE-2004-0108
CVE STATUS: Patched
CVE SUMMARY: The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0108

LAYER: meta
PACKAGE NAME: sysstat
PACKAGE VERSION: 12.7.5
CVE: CVE-2007-3852
CVE STATUS: Patched
CVE SUMMARY: The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3852

LAYER: meta
PACKAGE NAME: sysstat
PACKAGE VERSION: 12.7.5
CVE: CVE-2018-19416
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19416

LAYER: meta
PACKAGE NAME: sysstat
PACKAGE VERSION: 12.7.5
CVE: CVE-2018-19517
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19517

LAYER: meta
PACKAGE NAME: sysstat
PACKAGE VERSION: 12.7.5
CVE: CVE-2019-16167
CVE STATUS: Patched
CVE SUMMARY: sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16167

LAYER: meta
PACKAGE NAME: sysstat
PACKAGE VERSION: 12.7.5
CVE: CVE-2019-19725
CVE STATUS: Patched
CVE SUMMARY: sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19725

LAYER: meta
PACKAGE NAME: sysstat
PACKAGE VERSION: 12.7.5
CVE: CVE-2022-39377
CVE STATUS: Patched
CVE SUMMARY: sysstat is a set of system performance tools for the Linux operating system. On 32-bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39377

LAYER: meta
PACKAGE NAME: sysstat
PACKAGE VERSION: 12.7.5
CVE: CVE-2023-33204
CVE STATUS: Patched
CVE SUMMARY: sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.
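CVE-2022-39377 and CVE-2023-33204 above are both about the product of a record count and a record size wrapping around in `size_t` on 32-bit targets before it reaches the allocator, with a first overflow check that did not close the hole. The C++ below is an added example and not sysstat's `allocate_structures` or `check_overflow`; `size32` stands in for a 32-bit `size_t` so the wrap-around reproduces on a 64-bit host, and `kMaxBytes` is an assumed allocation budget. It puts the multiply-then-compare pattern (a wrapped product slips under any limit) next to a division-based check and the GCC/Clang builtin, both of which reject the same inputs.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <optional>
#include <vector>

// Stand-in for a 32-bit size_t so the wrap-around shows on a 64-bit host.
using size32 = uint32_t;
constexpr size32 kMaxBytes = 64u * 1024u * 1024u;   // assumed allocation budget

// Multiply first, compare second. If count * elem wrapped modulo 2^32 the
// product is small, the comparison passes, and the buffer ends up far smaller
// than the number of records that will later be written into it.
bool unsafeWithinBudget(size32 count, size32 elem) {
    size32 total = count * elem;
    return total <= kMaxBytes;
}

// A product fits in size32 iff count <= MAX / elem; the division cannot wrap.
std::optional<size32> checkedMul(size32 count, size32 elem) {
    if (count == 0 || elem == 0) return size32(0);
    if (count > std::numeric_limits<size32>::max() / elem) return std::nullopt;
    return count * elem;
}

// Same check via the compiler builtin, which works for any integer width.
std::optional<size32> checkedMulBuiltin(size32 count, size32 elem) {
    size32 out;
    if (__builtin_mul_overflow(count, elem, &out)) return std::nullopt;
    return out;
}

bool safeWithinBudget(size32 count, size32 elem) {
    auto bytes = checkedMul(count, elem);
    return bytes.has_value() && *bytes <= kMaxBytes;
}

// The "file header says N records of S bytes" path: allocate only once the
// arithmetic is proven not to wrap and the result is inside the budget.
std::optional<std::vector<uint8_t>> allocateRecords(size32 count, size32 elem) {
    if (!safeWithinBudget(count, elem)) return std::nullopt;
    return std::vector<uint8_t>(static_cast<size_t>(count) * elem);
}

int main() {
    // 0x10000 * 0x10000 = 2^32, which is 0 in 32-bit arithmetic.
    std::printf("naive check accepts 0x10000 x 0x10000: %s\n",
                unsafeWithinBudget(0x10000, 0x10000) ? "yes" : "no");
    std::printf("checked multiply accepts it: %s\n",
                safeWithinBudget(0x10000, 0x10000) ? "yes" : "no");
    return 0;
}
```

The division form is the portable one; the builtin is shorter and also catches the case where the compiler would otherwise fold the multiplication away. Either must run before any value derived from the product is used, including for a `realloc` of an existing buffer.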
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33204

LAYER: meta
PACKAGE NAME: wpa-supplicant
PACKAGE VERSION: 2.10
CVE: CVE-2005-0470
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0470

LAYER: meta
PACKAGE NAME: wpa-supplicant
PACKAGE VERSION: 2.10
CVE: CVE-2007-6025
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6025

LAYER: meta
PACKAGE NAME: wpa-supplicant
PACKAGE VERSION: 2.10
CVE: CVE-2014-3686
CVE STATUS: Patched
CVE SUMMARY: wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3686

LAYER: meta
PACKAGE NAME: wpa-supplicant
PACKAGE VERSION: 2.10
CVE: CVE-2015-0210
CVE STATUS: Patched
CVE SUMMARY: wpa_supplicant 2.0-16 does not properly check the certificate subject name, which allows remote attackers to conduct a man-in-the-middle attack.
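Three certificate-name entries on this page fail the same check from different directions: an embedded NUL in a dNSName that a C-string comparison stops at (CVE-2009-2700), a wildcard in the Common Name being allowed to match an IP address (CVE-2010-5076), and a subject name not being checked properly (CVE-2015-0210 above; the page gives no further detail on the wpa_supplicant defect). The C++ below is an added example of RFC 6125-style hostname matching and is neither Qt nor wpa_supplicant code; `CertNames`, `verifyHostname` and the certificates built in `main` and in the test are constructed. Names are handled as length-delimited strings, IP literals are matched only against iPAddress SANs, a wildcard is accepted only as the whole leftmost label with at least two labels after it, and the CN is consulted only when the certificate carries no dNSName.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <string_view>
#include <vector>

constexpr auto npos = std::string_view::npos;

// Names as an ASN.1 decoder hands them over: length-delimited, so an embedded
// NUL is preserved instead of silently truncating the name.
struct CertNames {
    std::vector<std::string> dns_sans;           // subjectAltName dNSName entries
    std::vector<std::vector<uint8_t>> ip_sans;   // subjectAltName iPAddress entries
    std::string common_name;                     // subject CN, fallback only
};

static char foldAscii(char c) { return (c >= 'A' && c <= 'Z') ? char(c - 'A' + 'a') : c; }

static bool iequals(std::string_view a, std::string_view b) {
    if (a.size() != b.size()) return false;
    for (size_t i = 0; i < a.size(); ++i)
        if (foldAscii(a[i]) != foldAscii(b[i])) return false;
    return true;
}

// Only LDH characters plus '*' are allowed, so an embedded NUL (the
// CVE-2009-2700 class, where strcmp() would stop early) is rejected outright.
static bool isWellFormedDnsName(std::string_view n) {
    if (n.empty()) return false;
    for (char c : n) {
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '*';
        if (!ok) return false;
    }
    return true;
}

// Dotted-quad parser; an IP literal must never be matched as a DNS name.
static bool parseIPv4(std::string_view s, std::vector<uint8_t>& out) {
    out.clear();
    unsigned value = 0, digits = 0;
    for (size_t i = 0; i <= s.size(); ++i) {
        if (i == s.size() || s[i] == '.') {
            if (digits == 0 || value > 255) return false;
            out.push_back(uint8_t(value));
            value = 0; digits = 0;
        } else if (s[i] >= '0' && s[i] <= '9') {
            if (++digits > 3) return false;
            value = value * 10 + unsigned(s[i] - '0');
        } else {
            return false;
        }
    }
    return out.size() == 4;
}

// Match one dNSName against a host. A wildcard is accepted only as the entire
// leftmost label, must be followed by at least two labels ("*.com" is
// rejected), and matches exactly one label.
static bool matchDnsName(std::string_view pattern, std::string_view host) {
    if (!isWellFormedDnsName(pattern) || !isWellFormedDnsName(host) || host.find('*') != npos) return false;
    size_t star = pattern.find('*');
    if (star == npos) return iequals(pattern, host);
    if (star != 0 || pattern.size() < 2 || pattern[1] != '.') return false;
    std::string_view rest = pattern.substr(1);                   // ".example.com"
    if (rest.find('*') != npos) return false;
    size_t labels = 0;
    for (char c : rest) if (c == '.') ++labels;
    if (labels < 2 || host.size() <= rest.size()) return false;
    std::string_view first = host.substr(0, host.size() - rest.size());
    if (first.find('.') != npos) return false;                    // '*' may not span labels
    return iequals(rest, host.substr(host.size() - rest.size()));
}

// RFC 6125-style decision: IP literals are matched only against iPAddress
// SANs, so neither a wildcard nor a CN can claim one (CVE-2010-5076 class);
// DNS names are matched against dNSName SANs, and the CN is used only when the
// certificate carries no dNSName at all.
bool verifyHostname(const CertNames& cert, std::string_view host) {
    std::vector<uint8_t> ip;
    if (parseIPv4(host, ip)) {
        for (const auto& san : cert.ip_sans) if (san == ip) return true;
        return false;
    }
    if (!cert.dns_sans.empty()) {
        for (const auto& san : cert.dns_sans) if (matchDnsName(san, host)) return true;
        return false;
    }
    return matchDnsName(cert.common_name, host);
}

int main() {
    CertNames c; c.dns_sans = {"*.example.com"};   // constructed certificate
    std::printf("www.example.com: %s\n", verifyHostname(c, "www.example.com") ? "match" : "mismatch");
    std::printf("a.b.example.com: %s\n", verifyHostname(c, "a.b.example.com") ? "match" : "mismatch");
    return 0;
}
```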
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0210

LAYER: meta
PACKAGE NAME: wpa-supplicant
PACKAGE VERSION: 2.10
CVE: CVE-2015-1863
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 0.0
VECTOR: ADJACENT_NETWORK
VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1863

LAYER: meta
PACKAGE NAME: wpa-supplicant
PACKAGE VERSION: 2.10
CVE: CVE-2015-4141
CVE STATUS: Patched
CVE SUMMARY: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4141

LAYER: meta
PACKAGE NAME: wpa-supplicant
PACKAGE VERSION: 2.10
CVE: CVE-2015-4142
CVE STATUS: Patched
CVE SUMMARY: Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4142 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-4143 CVE STATUS: Patched CVE SUMMARY: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4143 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-4144 CVE STATUS: Patched CVE SUMMARY: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4144 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-4145 CVE STATUS: Patched CVE SUMMARY: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4145 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-4146 CVE STATUS: Patched CVE SUMMARY: The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4146 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-5314 CVE STATUS: Patched CVE SUMMARY: The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5314 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-5315 CVE STATUS: Patched CVE SUMMARY: The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5315 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-5316 CVE STATUS: Patched CVE SUMMARY: The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5316 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2015-8041 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8041 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2016-4476 CVE STATUS: Patched CVE SUMMARY: hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4476 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13077 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 6.8 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13077 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13078 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 5.3 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13078 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13079 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. 
CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 5.3 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13079 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13080 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 5.3 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13080 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13081 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 5.3 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13081 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13082 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13082 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13084 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 6.8 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13084 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13086 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 6.8 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13086 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13087 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. 
CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 5.3 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13087 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2017-13088 CVE STATUS: Patched CVE SUMMARY: Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 5.3 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13088 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2018-14526 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14526 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-11555 CVE STATUS: Patched CVE SUMMARY: The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11555 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-16275 CVE STATUS: Patched CVE SUMMARY: hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16275 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-9494 CVE STATUS: Patched CVE SUMMARY: The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9494 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-9495 CVE STATUS: Patched CVE SUMMARY: The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. 
Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9495 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-9496 CVE STATUS: Patched CVE SUMMARY: An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All versions of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9496 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-9497 CVE STATUS: Patched CVE SUMMARY: The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected.
Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9497 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-9498 CVE STATUS: Patched CVE SUMMARY: The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9498 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2019-9499 CVE STATUS: Patched CVE SUMMARY: The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9499 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2021-27803 CVE STATUS: Patched CVE SUMMARY: A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 7.5 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27803 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2021-30004 CVE STATUS: Patched CVE SUMMARY: In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-30004 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2022-23303 CVE STATUS: Patched CVE SUMMARY: The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23303 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2022-23304 CVE STATUS: Patched CVE SUMMARY: The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. 
NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23304 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2023-52160 CVE STATUS: Patched CVE SUMMARY: The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-52160 LAYER: meta PACKAGE NAME: wpa-supplicant PACKAGE VERSION: 2.10 CVE: CVE-2024-5290 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-5290 LAYER: meta PACKAGE NAME: libunwind PACKAGE VERSION: 1.6.2 CVE: CVE-2015-3239 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3239 LAYER: meta PACKAGE NAME: distcc PACKAGE VERSION: 3.4 CVE: CVE-2004-0601 CVE STATUS: Patched CVE SUMMARY: distcc before 2.16, when running on 64-bit platforms, does not interpret IP-based access control rules correctly, which could allow remote attackers to bypass intended restrictions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0601 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2011-1935 CVE STATUS: Patched CVE SUMMARY: pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1935 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2019-15161 CVE STATUS: Patched CVE SUMMARY: rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15161 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2019-15162 CVE STATUS: Patched CVE SUMMARY: rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15162 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2019-15163 CVE STATUS: Patched CVE SUMMARY: rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15163 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2019-15164 CVE STATUS: Patched CVE SUMMARY: rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15164 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2019-15165 CVE STATUS: Patched CVE SUMMARY: sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15165 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2023-7256 CVE STATUS: Patched CVE SUMMARY: In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.4 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-7256 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.4 CVE: CVE-2024-8006 CVE STATUS: Patched CVE SUMMARY: Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer dereference.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.4 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-8006 LAYER: meta PACKAGE NAME: kbd PACKAGE VERSION: 2.6.4 CVE: CVE-2011-0460 CVE STATUS: Patched CVE SUMMARY: The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map. CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0460 LAYER: meta PACKAGE NAME: librepo PACKAGE VERSION: 1.17.0 CVE: CVE-2020-14352 CVE STATUS: Patched CVE SUMMARY: A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 8.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14352 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-1999-1439 CVE STATUS: Patched CVE SUMMARY: gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1439 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2000-1219 CVE STATUS: Patched CVE SUMMARY: The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1219 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2002-2439 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-2439 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2006-1902 CVE STATUS: Patched CVE SUMMARY: fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value."
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1902 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1367 CVE STATUS: Patched CVE SUMMARY: gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1367 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2008-1685 CVE STATUS: Patched CVE SUMMARY: gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. 
NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1685 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2013-4598 CVE STATUS: Patched CVE SUMMARY: The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4598 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2015-5276 CVE STATUS: Patched CVE SUMMARY: The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5276 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2017-11671 CVE STATUS: Patched CVE SUMMARY: Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11671 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2018-12886 CVE STATUS: Patched CVE SUMMARY: stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12886 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2019-15847 CVE STATUS: Patched CVE SUMMARY: The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15847 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2021-37322 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: Is a binutils 2.26 issue, not gcc CVE SUMMARY: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37322 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2021-3826 CVE STATUS: Patched CVE SUMMARY: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3826 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2021-46195 CVE STATUS: Patched CVE SUMMARY: GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46195 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2022-27943 CVE STATUS: Patched CVE SUMMARY: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27943 LAYER: meta PACKAGE NAME: gcc-runtime PACKAGE VERSION: 13.3.0 CVE: CVE-2023-4039 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Fixed via CVE-2023-4039.patch included here. 
Set the status explictly to deal with all recipes that share the gcc-source CVE SUMMARY: **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4039 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2014-0012 CVE STATUS: Patched CVE SUMMARY: FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402. 
CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0012 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2014-1402 CVE STATUS: Patched CVE SUMMARY: The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1402 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2016-10745 CVE STATUS: Patched CVE SUMMARY: In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10745 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2019-10906 CVE STATUS: Patched CVE SUMMARY: In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10906 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2019-8341 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8341 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2020-28493 CVE STATUS: Patched CVE SUMMARY: This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28493 LAYER: meta PACKAGE NAME: python3-jinja2 PACKAGE VERSION: 3.1.4 CVE: CVE-2024-22195 CVE STATUS: Patched CVE SUMMARY: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-22195 LAYER: meta-oe PACKAGE NAME: libopus PACKAGE VERSION: 1.5.2 CVE: CVE-2013-0899 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0899 LAYER: meta PACKAGE NAME: quota PACKAGE VERSION: 4.09 CVE: CVE-2012-3417 CVE STATUS: Patched CVE SUMMARY: The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3417 LAYER: meta PACKAGE NAME: time PACKAGE VERSION: 1.9 CVE: CVE-2020-26235 CVE STATUS: Patched CVE SUMMARY: In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. 
Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26235 LAYER: meta PACKAGE NAME: time PACKAGE VERSION: 1.9 CVE: CVE-2023-28756 CVE STATUS: Patched CVE SUMMARY: A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28756 LAYER: meta PACKAGE NAME: dosfstools PACKAGE VERSION: 4.2 CVE: CVE-2015-8872 CVE STATUS: Patched CVE SUMMARY: The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error." CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.2 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8872 LAYER: meta PACKAGE NAME: dosfstools PACKAGE VERSION: 4.2 CVE: CVE-2016-4804 CVE STATUS: Patched CVE SUMMARY: The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.2 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4804 LAYER: meta PACKAGE NAME: zstd PACKAGE VERSION: 1.5.5 CVE: CVE-2019-11922 CVE STATUS: Patched CVE SUMMARY: A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11922 LAYER: meta PACKAGE NAME: zstd PACKAGE VERSION: 1.5.5 CVE: CVE-2021-24031 CVE STATUS: Patched CVE SUMMARY: In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-24031 LAYER: meta PACKAGE NAME: zstd PACKAGE VERSION: 1.5.5 CVE: CVE-2021-24032 CVE STATUS: Patched CVE SUMMARY: Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. 
CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-24032 LAYER: meta PACKAGE NAME: zstd PACKAGE VERSION: 1.5.5 CVE: CVE-2022-4899 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4899 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-1999-0428 CVE STATUS: Patched CVE SUMMARY: OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0428 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2000-0535 CVE STATUS: Patched CVE SUMMARY: OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0535 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2000-1254 CVE STATUS: Patched CVE SUMMARY: crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1254 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2001-1141 CVE STATUS: Patched CVE SUMMARY: The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1141 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2002-0655 CVE STATUS: Patched CVE SUMMARY: OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0655 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2002-0656 CVE STATUS: Patched CVE SUMMARY: Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0656 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2002-0657 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0657 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2002-0659 CVE STATUS: Patched CVE SUMMARY: The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0659 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2002-1568 CVE STATUS: Patched CVE SUMMARY: OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1568 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2003-0078 CVE STATUS: Patched CVE SUMMARY: ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0078 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2003-0131 CVE STATUS: Patched CVE SUMMARY: The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0131 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2003-0147 CVE STATUS: Patched CVE SUMMARY: OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0147 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2003-0543 CVE STATUS: Patched CVE SUMMARY: Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0543 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2003-0544 CVE STATUS: Patched CVE SUMMARY: OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0544 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2003-0545 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0545 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2003-0851 CVE STATUS: Patched CVE SUMMARY: OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0851 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2004-0079 CVE STATUS: Patched CVE SUMMARY: The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0079 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2004-0081 CVE STATUS: Patched CVE SUMMARY: OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0081 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2004-0975 CVE STATUS: Patched CVE SUMMARY: The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0975 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2005-1797 CVE STATUS: Patched CVE SUMMARY: The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1797 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2005-2946 CVE STATUS: Patched CVE SUMMARY: The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2946 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2005-2969 CVE STATUS: Patched CVE SUMMARY: The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2969 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2006-2937 CVE STATUS: Patched CVE SUMMARY: OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2937 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2006-2940 CVE STATUS: Patched CVE SUMMARY: OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2940 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2006-3738 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3738 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2006-4339 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4339 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2006-4343 CVE STATUS: Patched CVE SUMMARY: The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4343
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2006-7250 CVE STATUS: Patched CVE SUMMARY: The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7250
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2007-3108 CVE STATUS: Patched CVE SUMMARY: The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3108
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2007-4995 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4995
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2007-5135 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5135
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2008-0166 CVE STATUS: Patched CVE SUMMARY: OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0166
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2008-0891 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0891
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2008-1672 CVE STATUS: Patched CVE SUMMARY: OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1672
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2008-1678 CVE STATUS: Patched CVE SUMMARY: Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1678
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2008-5077 CVE STATUS: Patched CVE SUMMARY: OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5077
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2008-7270 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-7270
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2009-0590 CVE STATUS: Patched CVE SUMMARY: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0590
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2009-0591 CVE STATUS: Patched CVE SUMMARY: The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0591
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2009-0653 CVE STATUS: Patched CVE SUMMARY: OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0653
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2009-0789 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0789
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2009-1377 CVE STATUS: Patched CVE SUMMARY: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1377
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2009-1378 CVE STATUS: Patched CVE SUMMARY: Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1378
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2009-1379 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1379
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2009-1386 CVE STATUS: Patched CVE SUMMARY: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1386
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2009-1387 CVE STATUS: Patched CVE SUMMARY: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1387
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2009-2409 CVE STATUS: Patched CVE SUMMARY: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2409
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2009-3245 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3245
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2009-3555 CVE STATUS: Patched CVE SUMMARY: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3555
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2009-4355 CVE STATUS: Patched CVE SUMMARY: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4355
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2010-0433 CVE STATUS: Patched CVE SUMMARY: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0433
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2010-0740 CVE STATUS: Patched CVE SUMMARY: The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0740
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2010-0742 CVE STATUS: Patched CVE SUMMARY: The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0742
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2010-0928 CVE STATUS: Patched CVE SUMMARY: OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack." CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0928
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2010-1633 CVE STATUS: Patched CVE SUMMARY: RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1633
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2010-2939 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2939
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2010-3864 CVE STATUS: Patched CVE SUMMARY: Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3864
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2010-4180 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4180
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2010-4252 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4252
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2010-5298 CVE STATUS: Patched CVE SUMMARY: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5298
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2011-0014 CVE STATUS: Patched CVE SUMMARY: ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0014
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2011-1473 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1473
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2011-1945 CVE STATUS: Patched CVE SUMMARY: The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1945
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2011-3207 CVE STATUS: Patched CVE SUMMARY: crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3207
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2011-3210 CVE STATUS: Patched CVE SUMMARY: The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3210
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2011-4108 CVE STATUS: Patched CVE SUMMARY: The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4108
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2011-4109 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4109
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2011-4354 CVE STATUS: Patched CVE SUMMARY: crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4354
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2011-4576 CVE STATUS: Patched CVE SUMMARY: The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4576
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2011-4577 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4577
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2011-4619 CVE STATUS: Patched CVE SUMMARY: The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4619
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2011-5095 CVE STATUS: Patched CVE SUMMARY: The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-5095
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2012-0027 CVE STATUS: Patched CVE SUMMARY: The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0027
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2012-0050 CVE STATUS: Patched CVE SUMMARY: OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0050
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2012-0884 CVE STATUS: Patched CVE SUMMARY: The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0884
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2012-1165 CVE STATUS: Patched CVE SUMMARY: The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1165
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2012-2110 CVE STATUS: Patched CVE SUMMARY: The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2110
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2012-2131 CVE STATUS: Patched CVE SUMMARY: Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2131
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2012-2333 CVE STATUS: Patched CVE SUMMARY: Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2333
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2012-2686 CVE STATUS: Patched CVE SUMMARY: crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2686
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2013-0166 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0166
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2013-0169 CVE STATUS: Patched CVE SUMMARY: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0169
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2013-4353 CVE STATUS: Patched CVE SUMMARY: The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4353
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2013-6449 CVE STATUS: Patched CVE SUMMARY: The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6449
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2013-6450 CVE STATUS: Patched CVE SUMMARY: The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6450
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-0076 CVE STATUS: Patched CVE SUMMARY: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0076
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-0160 CVE STATUS: Patched CVE SUMMARY: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0160
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-0195 CVE STATUS: Patched CVE SUMMARY: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0195
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-0198 CVE STATUS: Patched CVE SUMMARY: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0198
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-0221 CVE STATUS: Patched CVE SUMMARY: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0221
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-0224 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0224
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3470 CVE STATUS: Patched CVE SUMMARY: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3470
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3505 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3505
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3506 CVE STATUS: Patched CVE SUMMARY: d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3506
LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3507 CVE STATUS: Patched CVE SUMMARY: Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3507 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3508 CVE STATUS: Patched CVE SUMMARY: The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3508 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3509 CVE STATUS: Patched CVE SUMMARY: Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3509 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3510 CVE STATUS: Patched CVE SUMMARY: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3510 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3511 CVE STATUS: Patched CVE SUMMARY: The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3511 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3512 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3512 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3513 CVE STATUS: Patched CVE SUMMARY: Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. 
CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3513 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3566 CVE STATUS: Patched CVE SUMMARY: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3566 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3567 CVE STATUS: Patched CVE SUMMARY: Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3567 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3568 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3568 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3569 CVE STATUS: Patched CVE SUMMARY: The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3569 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3570 CVE STATUS: Patched CVE SUMMARY: The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3570 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3571 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3571 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-3572 CVE STATUS: Patched CVE SUMMARY: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3572 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-5139 CVE STATUS: Patched CVE SUMMARY: The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5139 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-8176 CVE STATUS: Patched CVE SUMMARY: The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8176 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2014-8275 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8275 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0204 CVE STATUS: Patched CVE SUMMARY: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. 
NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0204 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0205 CVE STATUS: Patched CVE SUMMARY: The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0205 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0206 CVE STATUS: Patched CVE SUMMARY: Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0206 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0207 CVE STATUS: Patched CVE SUMMARY: The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0207 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0208 CVE STATUS: Patched CVE SUMMARY: The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0208 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0209 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0209 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0285 CVE STATUS: Patched CVE SUMMARY: The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0285 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0286 CVE STATUS: Patched CVE SUMMARY: The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0286 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0287 CVE STATUS: Patched CVE SUMMARY: The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0287 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0288 CVE STATUS: Patched CVE SUMMARY: The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0288 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0289 CVE STATUS: Patched CVE SUMMARY: The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0289 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0290 CVE STATUS: Patched CVE SUMMARY: The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0290 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0291 CVE STATUS: Patched CVE SUMMARY: The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0291 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0292 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0292 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-0293 CVE STATUS: Patched CVE SUMMARY: The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0293 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-1787 CVE STATUS: Patched CVE SUMMARY: The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero. 
CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1787 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-1788 CVE STATUS: Patched CVE SUMMARY: The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1788 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-1789 CVE STATUS: Patched CVE SUMMARY: The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1789 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-1790 CVE STATUS: Patched CVE SUMMARY: The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1790 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-1791 CVE STATUS: Patched CVE SUMMARY: Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1791 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-1792 CVE STATUS: Patched CVE SUMMARY: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1792 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-1793 CVE STATUS: Patched CVE SUMMARY: The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1793 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-1794 CVE STATUS: Patched CVE SUMMARY: The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1794 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-3193 CVE STATUS: Patched CVE SUMMARY: The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3193 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-3194 CVE STATUS: Patched CVE SUMMARY: crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3194 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-3195 CVE STATUS: Patched CVE SUMMARY: The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3195 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-3196 CVE STATUS: Patched CVE SUMMARY: ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3196 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-3197 CVE STATUS: Patched CVE SUMMARY: ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3197 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-3216 CVE STATUS: Patched CVE SUMMARY: Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3216 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2015-4000 CVE STATUS: Patched CVE SUMMARY: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4000 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-0701 CVE STATUS: Patched CVE SUMMARY: The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0701 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-0702 CVE STATUS: Patched CVE SUMMARY: The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. 
CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.1 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0702 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-0703 CVE STATUS: Patched CVE SUMMARY: The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0703 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-0704 CVE STATUS: Patched CVE SUMMARY: An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0704 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-0705 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0705 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-0797 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0797 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-0798 CVE STATUS: Patched CVE SUMMARY: Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0798 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-0799 CVE STATUS: Patched CVE SUMMARY: The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0799 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-0800 CVE STATUS: Patched CVE SUMMARY: The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0800 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2105 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2105 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2106 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2106 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2107 CVE STATUS: Patched CVE SUMMARY: The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2107 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2108 CVE STATUS: Patched CVE SUMMARY: The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2108 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2109 CVE STATUS: Patched CVE SUMMARY: The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2109 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2176 CVE STATUS: Patched CVE SUMMARY: The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 8.2 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2176 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2177 CVE STATUS: Patched CVE SUMMARY: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2177 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2178 CVE STATUS: Patched CVE SUMMARY: The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2178 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2179 CVE STATUS: Patched CVE SUMMARY: The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2179 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2180 CVE STATUS: Patched CVE SUMMARY: The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2180 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2181 CVE STATUS: Patched CVE SUMMARY: The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2181 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2182 CVE STATUS: Patched CVE SUMMARY: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2182 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2183 CVE STATUS: Patched CVE SUMMARY: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2183 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-2842 CVE STATUS: Patched CVE SUMMARY: The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2842 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-6302 CVE STATUS: Patched CVE SUMMARY: The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6302 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-6303 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6303 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-6304 CVE STATUS: Patched CVE SUMMARY: Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6304 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-6305 CVE STATUS: Patched CVE SUMMARY: The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6305 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-6306 CVE STATUS: Patched CVE SUMMARY: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6306 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-6307 CVE STATUS: Patched CVE SUMMARY: The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6307 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-6308 CVE STATUS: Patched CVE SUMMARY: statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6308 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-6309 CVE STATUS: Patched CVE SUMMARY: statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6309 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-7052 CVE STATUS: Patched CVE SUMMARY: crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7052 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-7053 CVE STATUS: Patched CVE SUMMARY: In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7053 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-7054 CVE STATUS: Patched CVE SUMMARY: In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7054 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-7055 CVE STATUS: Patched CVE SUMMARY: There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7055 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-7056 CVE STATUS: Patched CVE SUMMARY: A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7056 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2016-8610 CVE STATUS: Patched CVE SUMMARY: A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8610 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2017-3730 CVE STATUS: Patched CVE SUMMARY: In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3730 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2017-3731 CVE STATUS: Patched CVE SUMMARY: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3731 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2017-3732 CVE STATUS: Patched CVE SUMMARY: There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3732 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2017-3733 CVE STATUS: Patched CVE SUMMARY: During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3733 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2017-3735 CVE STATUS: Patched CVE SUMMARY: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3735 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2017-3736 CVE STATUS: Patched CVE SUMMARY: There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3736 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2017-3737 CVE STATUS: Patched CVE SUMMARY: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3737 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2017-3738 CVE STATUS: Patched CVE SUMMARY: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. 
Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3738 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2018-0732 CVE STATUS: Patched CVE SUMMARY: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-0732 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2018-0733 CVE STATUS: Patched CVE SUMMARY: Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-0733 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2018-0734 CVE STATUS: Patched CVE SUMMARY: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-0734 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2018-0735 CVE STATUS: Patched CVE SUMMARY: The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). 
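CVE-2018-0733 above turns on a compare that, in effect, checks only bit 0 of each byte. The following added example (written for this page, not OpenSSL code) models that defect in Python next to a correct constant-time compare and runs the forgery search the advisory alludes to. The function names lsb_only_memcmp, make_verifier, forge_tag and demo, the HMAC-SHA256 MAC, the key and the message are all constructed for the example; lsb_only_memcmp is an assumption about the effect the advisory describes, not a transcription of the PA-RISC assembly.

```python
"""Added example modelling the CVE-2018-0733 compare defect (not OpenSSL code).

lsb_only_memcmp() is an assumption about the effect the advisory describes
(each byte effectively compared on its least significant bit only), written
in Python rather than PA-RISC assembly. forge_tag() shows why that collapses
the forgery cost from 2**(8*n) to at most 2**n tries for an n-byte tag.
"""
import hashlib
import hmac
import itertools


def ct_memcmp(a: bytes, b: bytes) -> bool:
    """Correct constant-time equality: accumulate every differing bit, test once at the end."""
    if len(a) != len(b):
        return False
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0


def lsb_only_memcmp(a: bytes, b: bytes) -> bool:
    """Model of the defective compare: only bit 0 of each byte contributes (assumption)."""
    if len(a) != len(b):
        return False
    diff = 0
    for x, y in zip(a, b):
        diff |= (x ^ y) & 1
    return diff == 0


def make_verifier(key: bytes, compare, tag_len: int):
    """Build a MAC-verification oracle (HMAC-SHA256 truncated to tag_len) that uses `compare`."""
    def verify(message: bytes, tag: bytes) -> bool:
        expected = hmac.new(key, message, hashlib.sha256).digest()[:tag_len]
        return compare(expected, tag)
    return verify


def forge_tag(verify, message: bytes, tag_len: int):
    """Try every tag whose bytes are each 0x00 or 0x01.

    That is 2**tag_len candidates; against an LSB-only compare one of them
    necessarily matches the real tag's bit-0 pattern, so the oracle accepts it.
    Returns (tag, tries); tag is None if no candidate was accepted.
    """
    tries = 0
    for bits in itertools.product((0, 1), repeat=tag_len):
        tries += 1
        candidate = bytes(bits)
        if verify(message, candidate):
            return candidate, tries
    return None, tries


def demo(tag_len: int = 8, key: bytes = b"\x42" * 32) -> dict:
    """Run the forgery search against both compares (constructed key and message)."""
    message = b"transfer 1000 to account 7"  # constructed sample message
    real_tag = hmac.new(key, message, hashlib.sha256).digest()[:tag_len]
    forged, tries = forge_tag(make_verifier(key, lsb_only_memcmp, tag_len), message, tag_len)
    forged_ct, tries_ct = forge_tag(make_verifier(key, ct_memcmp, tag_len), message, tag_len)
    return {
        "real_tag": real_tag,
        "forged_against_buggy": forged,
        "tries_against_buggy": tries,
        "forged_against_correct": forged_ct,
        "tries_against_correct": tries_ct,
    }


if __name__ == "__main__":
    print(demo())
```

Against the defective compare the search succeeds within 2**tag_len tries (at most 256 for an 8-byte tag); against the correct compare all 256 candidates are rejected. The point for reviewers of constant-time code is that the compare must accumulate the full byte XOR, not a masked bit, and that a platform-specific assembly primitive deserves a test vector that exercises every bit position of every byte.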
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-0735 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2018-0737 CVE STATUS: Patched CVE SUMMARY: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-0737 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2018-0739 CVE STATUS: Patched CVE SUMMARY: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-0739 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2018-5407 CVE STATUS: Patched CVE SUMMARY: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. 
CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5407 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2019-1543 CVE STATUS: Patched CVE SUMMARY: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j). 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1543 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2019-1547 CVE STATUS: Patched CVE SUMMARY: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1547 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2019-1549 CVE STATUS: Patched CVE SUMMARY: OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. 
A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1549 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2019-1551 CVE STATUS: Patched CVE SUMMARY: There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1551 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2019-1552 CVE STATUS: Patched CVE SUMMARY: OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. 
For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1552 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2019-1559 CVE STATUS: Patched CVE SUMMARY: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. 
In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1559 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2019-1563 CVE STATUS: Patched CVE SUMMARY: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1563 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2020-1967 CVE STATUS: Patched CVE SUMMARY: Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. 
This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-1967 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2020-1968 CVE STATUS: Patched CVE SUMMARY: The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-1968 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2020-1971 CVE STATUS: Patched CVE SUMMARY: The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. 
OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-1971 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2021-23839 CVE STATUS: Patched CVE SUMMARY: OpenSSL 1.0.2 supports SSLv2. 
If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such a server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version.
OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23839 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2021-23840 CVE STATUS: Patched CVE SUMMARY: Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23840 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2021-23841 CVE STATUS: Patched CVE SUMMARY: The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate.
However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23841 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2021-3449 CVE STATUS: Patched CVE SUMMARY: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3449 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2021-3450 CVE STATUS: Patched CVE SUMMARY: The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3450 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2021-3711 CVE STATUS: Patched CVE SUMMARY: In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3711 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2021-3712 CVE STATUS: Patched CVE SUMMARY: ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures).
It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3712 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2021-4044 CVE STATUS: Patched CVE SUMMARY: Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. 
This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4044 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2021-4160 CVE STATUS: Patched CVE SUMMARY: There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4160 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-0778 CVE STATUS: Patched CVE SUMMARY: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. 
It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0778 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-1292 CVE STATUS: Patched CVE SUMMARY: The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1292 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-1343 CVE STATUS: Patched CVE SUMMARY: The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. 
This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1343 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-1434 CVE STATUS: Patched CVE SUMMARY: The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. 
an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1434 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-1473 CVE STATUS: Patched CVE SUMMARY: The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. 
Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1473 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-2068 CVE STATUS: Patched CVE SUMMARY: In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2068 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-2097 CVE STATUS: Patched CVE SUMMARY: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. 
This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2097 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-2274 CVE STATUS: Patched CVE SUMMARY: The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2274 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-3358 CVE STATUS: Patched CVE SUMMARY: OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. 
OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3358 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-3602 CVE STATUS: Patched CVE SUMMARY: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. 
Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3602 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-3786 CVE STATUS: Patched CVE SUMMARY: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' 
character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3786 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-3996 CVE STATUS: Patched CVE SUMMARY: If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3996 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-4203 CVE STATUS: Patched CVE SUMMARY: A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. 
The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4203 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-4304 CVE STATUS: Patched CVE SUMMARY: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4304 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2022-4450 CVE STATUS: Patched CVE SUMMARY: The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4450 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-0215 CVE STATUS: Patched CVE SUMMARY: The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0215 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-0216 CVE STATUS: Patched CVE SUMMARY: An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0216 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-0217 CVE STATUS: Patched CVE SUMMARY: An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0217 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-0286 CVE STATUS: Patched CVE SUMMARY: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. 
X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0286 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-0401 CVE STATUS: Patched CVE SUMMARY: A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. 
The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0401 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-0464 CVE STATUS: Patched CVE SUMMARY: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0464 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-0465 CVE STATUS: Patched CVE SUMMARY: Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0465 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-0466 CVE STATUS: Patched CVE SUMMARY: The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0466 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-1255 CVE STATUS: Patched CVE SUMMARY: Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. 
If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service. If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1255 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-2650 CVE STATUS: Patched CVE SUMMARY: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. 
Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2650 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-2975 CVE STATUS: Patched CVE SUMMARY: Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. 
The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2975 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-3446 CVE STATUS: Patched CVE SUMMARY: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. 
The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3446 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-3817 CVE STATUS: Patched CVE SUMMARY: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). 
Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3817 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-4807 CVE STATUS: Patched CVE SUMMARY: Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. 
However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4807 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-5363 CVE STATUS: Patched CVE SUMMARY: Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. 
Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5363 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-5678 CVE STATUS: Patched CVE SUMMARY: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5678 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2023-6129 CVE STATUS: Patched CVE SUMMARY: Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. 
This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6129 LAYER: meta PACKAGE NAME: openssl PACKAGE VERSION: 3.2.3 CVE: CVE-2024-0727 CVE STATUS: Patched CVE SUMMARY: Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0727 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2008-4201 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4201 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-26567 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-26567 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-32272 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32272 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-32273 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32273 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-32274 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32274 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-32276 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32276 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-32277 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32277 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2021-32278 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32278 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2023-38857 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38857 LAYER: meta-oe PACKAGE NAME: faad2 PACKAGE VERSION: 2.11.1+git CVE: CVE-2023-38858 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38858 LAYER: meta PACKAGE NAME: libffi PACKAGE VERSION: 3.4.6 CVE: CVE-2017-1000376 CVE STATUS: Patched CVE SUMMARY: libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. 
CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000376 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2001-1228 CVE STATUS: Patched CVE SUMMARY: Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1228 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2003-0367 CVE STATUS: Patched CVE SUMMARY: znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0367 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2004-0603 CVE STATUS: Patched CVE SUMMARY: gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0603 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2004-0970 CVE STATUS: Patched CVE SUMMARY: The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0970 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2004-1349 CVE STATUS: Patched CVE SUMMARY: gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1349 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2005-0758 CVE STATUS: Patched CVE SUMMARY: zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0758 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2005-0988 CVE STATUS: Patched CVE SUMMARY: Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0988 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2005-1228 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1228 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2006-4334 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4334 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2006-4335 CVE STATUS: Patched CVE SUMMARY: Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4335 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2006-4336 CVE STATUS: Patched CVE SUMMARY: Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4336 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2006-4337 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4337 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2006-4338 CVE STATUS: Patched CVE SUMMARY: unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4338 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2009-2624 CVE STATUS: Patched CVE SUMMARY: The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2624 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2010-0001 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0001 LAYER: meta PACKAGE NAME: gzip PACKAGE VERSION: 1.13 CVE: CVE-2022-1271 CVE STATUS: Patched CVE SUMMARY: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1271 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0691 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0691 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0692 CVE STATUS: Patched CVE SUMMARY: The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0692 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0693 CVE STATUS: Patched CVE SUMMARY: The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0693 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2005-0627 CVE STATUS: Patched CVE SUMMARY: Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0627 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2006-4811 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4811 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-0242 CVE STATUS: Patched CVE SUMMARY: The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0242 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-3388 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. 
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3388

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2007-4137
CVE STATUS: Patched
CVE SUMMARY: Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4137

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2009-2700
CVE STATUS: Patched
CVE SUMMARY: src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2700

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2010-1766
CVE STATUS: Patched
CVE SUMMARY: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1766

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2010-2621
CVE STATUS: Patched
CVE SUMMARY: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2621

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2010-5076
CVE STATUS: Patched
CVE SUMMARY: QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5076

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2011-3193
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2011-3194
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3194

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2012-5624
CVE STATUS: Patched
CVE SUMMARY: The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5624

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2012-6093
CVE STATUS: Patched
CVE SUMMARY: The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6093

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2013-0254
CVE STATUS: Patched
CVE SUMMARY: The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0254

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2013-4549
CVE STATUS: Patched
CVE SUMMARY: QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4549

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2014-0190
CVE STATUS: Patched
CVE SUMMARY: The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0190

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-0295
CVE STATUS: Patched
CVE SUMMARY: The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0295

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-1290
CVE STATUS: Patched
CVE SUMMARY: The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1290

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-1858
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1858

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-1859
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1859

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-1860
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1860

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-7298
CVE STATUS: Patched
CVE SUMMARY: ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7298

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2015-9541
CVE STATUS: Patched
CVE SUMMARY: Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9541

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2017-10904
CVE STATUS: Patched
CVE SUMMARY: Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10904

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2017-10905
CVE STATUS: Patched
CVE SUMMARY: A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10905

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2017-15011
CVE STATUS: Patched
CVE SUMMARY: The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15011

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-15518
CVE STATUS: Patched
CVE SUMMARY: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15518

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19865
CVE STATUS: Patched
CVE SUMMARY: A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19865

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19869
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19869

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19870
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19870

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19871
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19871

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19872
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19872

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-19873
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19873

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2018-21035
CVE STATUS: Patched
CVE SUMMARY: In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 8.6
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-21035

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-0569
CVE STATUS: Patched
CVE SUMMARY: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
CVSS v2 BASE SCORE: 2.7
CVSS v3 BASE SCORE: 5.7
VECTOR: ADJACENT_NETWORK
VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0569

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-0570
CVE STATUS: Patched
CVE SUMMARY: Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 7.3
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0570

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-12267
CVE STATUS: Patched
CVE SUMMARY: setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12267

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-13962
CVE STATUS: Patched
CVE SUMMARY: Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13962

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-17507
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17507

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2020-24742
CVE STATUS: Patched
CVE SUMMARY: An issue has been fixed in Qt 5.14.0 where QPluginLoader attempted to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24742

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2021-28025
CVE STATUS: Patched
CVE SUMMARY: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28025

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2021-3481
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.1
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3481

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2021-38593
CVE STATUS: Patched
CVE SUMMARY: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38593

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2022-25255
CVE STATUS: Patched
CVE SUMMARY: In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25255

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2022-25634
CVE STATUS: Patched
CVE SUMMARY: Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25634

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2022-40983
CVE STATUS: Patched
CVE SUMMARY: An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40983

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2022-43591
CVE STATUS: Patched
CVE SUMMARY: A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43591

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-24607
CVE STATUS: Patched
CVE SUMMARY: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24607

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-32573
CVE STATUS: Unpatched
CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32573

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-32762
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32762

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-32763
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When an SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32763

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-33285
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33285

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-34410
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34410

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-37369
CVE STATUS: Unpatched
CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37369

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-38197
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38197

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-43114
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont or QFontDatabase::addApplicationFontFromData, then it can cause the application to crash because of missing length checks.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43114

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2023-51714
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51714

LAYER: meta-qt5
PACKAGE NAME: qtquickcontrols2
PACKAGE VERSION: 5.15.13+git
CVE: CVE-2024-39936
CVE STATUS: Unpatched
CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-39936

LAYER: meta-oe
PACKAGE NAME: cjson
PACKAGE VERSION: 1.7.18
CVE: CVE-2016-10749
CVE STATUS: Patched
CVE SUMMARY: parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10749

LAYER: meta-oe
PACKAGE NAME: cjson
PACKAGE VERSION: 1.7.18
CVE: CVE-2018-1000215
CVE STATUS: Patched
CVE SUMMARY: Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in the cJSON library that can result in Denial of Service (DoS). This attack appears to be exploitable if the attacker can force the data to be printed while the system is low on memory, which forces a memory leak. This vulnerability appears to have been fixed in 1.7.7.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000215

LAYER: meta-oe
PACKAGE NAME: cjson
PACKAGE VERSION: 1.7.18
CVE: CVE-2018-1000216
CVE STATUS: Patched
CVE SUMMARY: Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in the cJSON library that can result in a possible crash or RCE. This attack appears to be exploitable when the attacker can force the victim to print JSON data; depending on how the cJSON library is used, this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000216

LAYER: meta-oe
PACKAGE NAME: cjson
PACKAGE VERSION: 1.7.18
CVE: CVE-2018-1000217
CVE STATUS: Patched
CVE SUMMARY: Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in the cJSON library that can result in a possible crash, corruption of data or even RCE. Exploitability depends on how the application uses the cJSON library: if the application provides a network interface it can be exploited over a network, otherwise only locally. This vulnerability appears to have been fixed in 1.7.4.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000217

LAYER: meta-oe
PACKAGE NAME: cjson
PACKAGE VERSION: 1.7.18
CVE: CVE-2019-1010239
CVE STATUS: Patched
CVE SUMMARY: DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: a NULL dereference, so the attack can cause a denial of service. The component is: the cJSON_GetObjectItemCaseSensitive() function. The attack vector is: a crafted JSON file. The fixed version is: 1.7.9 and later.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010239

LAYER: meta-oe
PACKAGE NAME: cjson
PACKAGE VERSION: 1.7.18
CVE: CVE-2019-11834
CVE STATUS: Patched
CVE SUMMARY: cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11834

LAYER: meta-oe
PACKAGE NAME: cjson
PACKAGE VERSION: 1.7.18
CVE: CVE-2019-11835
CVE STATUS: Patched
CVE SUMMARY: cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11835

LAYER: meta-oe
PACKAGE NAME: cjson
PACKAGE VERSION: 1.7.18
CVE: CVE-2023-50471
CVE STATUS: Patched
CVE SUMMARY: cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-50471

LAYER: meta-oe
PACKAGE NAME: cjson
PACKAGE VERSION: 1.7.18
CVE: CVE-2023-50472
CVE STATUS: Patched
CVE SUMMARY: cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-50472

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2004-0657
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0657

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2009-0021
CVE STATUS: Patched
CVE SUMMARY: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0021

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2009-0159
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0159

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2009-1252
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1252

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2009-3563
CVE STATUS: Patched
CVE SUMMARY: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3563

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2013-5211
CVE STATUS: Patched
CVE SUMMARY: The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5211

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2014-5209
CVE STATUS: Patched
CVE SUMMARY: An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5209

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2014-9293
CVE STATUS: Patched
CVE SUMMARY: The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9293

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2014-9294
CVE STATUS: Patched
CVE SUMMARY: util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9294

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2014-9295
CVE STATUS: Patched
CVE SUMMARY: Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9295

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2014-9296
CVE STATUS: Patched
CVE SUMMARY: The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9296

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2014-9750
CVE STATUS: Patched
CVE SUMMARY: ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9750

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2014-9751
CVE STATUS: Patched
CVE SUMMARY: The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9751

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-1798
CVE STATUS: Patched
CVE SUMMARY: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
CVSS v2 BASE SCORE: 1.8
CVSS v3 BASE SCORE: 0.0
VECTOR: ADJACENT_NETWORK
VECTORSTRING: AV:A/AC:H/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1798

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-1799
CVE STATUS: Patched
CVE SUMMARY: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: ADJACENT_NETWORK
VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1799

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-3405
CVE STATUS: Patched
CVE SUMMARY: ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3405

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-5146
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5146

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-5194
CVE STATUS: Patched
CVE SUMMARY: The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5194

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-5195
CVE STATUS: Patched
CVE SUMMARY: ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5195

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-5219
CVE STATUS: Patched
CVE SUMMARY: The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5219

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-5300
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5300

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7691
CVE STATUS: Patched
CVE SUMMARY: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7691

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7692
CVE STATUS: Patched
CVE SUMMARY: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7692

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7701
CVE STATUS: Patched
CVE SUMMARY: Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7701

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7702
CVE STATUS: Patched
CVE SUMMARY: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).
NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7702

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7703
CVE STATUS: Patched
CVE SUMMARY: The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7703

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7704
CVE STATUS: Patched
CVE SUMMARY: The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7704

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7705
CVE STATUS: Patched
CVE SUMMARY: The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7705

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7849
CVE STATUS: Patched
CVE SUMMARY: Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7849

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7850
CVE STATUS: Patched
CVE SUMMARY: ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7850

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7851
CVE STATUS: Patched
CVE SUMMARY: Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7851

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7852
CVE STATUS: Patched
CVE SUMMARY: ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7852

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7853
CVE STATUS: Patched
CVE SUMMARY: The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7853

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7854
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7854

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7855
CVE STATUS: Patched
CVE SUMMARY: The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a mode 6 or mode 7 packet containing a long data value.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7855

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7871
CVE STATUS: Patched
CVE SUMMARY: Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allow remote attackers to bypass authentication.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7871

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7973
CVE STATUS: Patched
CVE SUMMARY: NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7973

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7974
CVE STATUS: Patched
CVE SUMMARY: NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 7.7
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7974

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7975
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 6.2
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7975

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7976
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7976

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7977
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7977

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7978
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows remote attackers to cause a denial of service (stack exhaustion) via an ntpdc reslist command, which triggers recursive traversal of the restriction list.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7978

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-7979
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7979

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-8138
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8138

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-8139
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8139

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-8140
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 4.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8140

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2015-8158
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8158

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2016-1547
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1547

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2016-1548
CVE STATUS: Patched
CVE SUMMARY: An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 7.2
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1548

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2016-1549
CVE STATUS: Patched
CVE SUMMARY: A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1549

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2016-1550
CVE STATUS: Patched
CVE SUMMARY: An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1550

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2016-1551
CVE STATUS: Patched
CVE SUMMARY: ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source IP address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.
CVSS v2 BASE SCORE: 2.6
CVSS v3 BASE SCORE: 3.7
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1551

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2016-2516
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2516

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2016-2517
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.
CVSS v2 BASE SCORE: 4.9
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:S/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2517

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2016-2518
CVE STATUS: Patched
CVE SUMMARY: The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2518

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2016-2519
CVE STATUS: Patched
CVE DETAIL: fixed-version
CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version
CVE SUMMARY: ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.
CVSS v2 BASE SCORE: 4.9
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:S/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2519

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2016-4953
CVE STATUS: Patched
CVE SUMMARY: ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4953

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2016-4954
CVE STATUS: Patched
CVE SUMMARY: The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4954

LAYER: meta-networking
PACKAGE NAME: ntp
PACKAGE VERSION: 4.2.8p17
CVE: CVE-2016-4955
CVE STATUS: Patched
CVE SUMMARY: ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4955 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-4956 CVE STATUS: Patched CVE SUMMARY: ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4956 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-4957 CVE STATUS: Patched CVE SUMMARY: ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4957 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7426 CVE STATUS: Patched CVE SUMMARY: NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7426 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7427 CVE STATUS: Patched CVE SUMMARY: The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 4.3 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7427 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7428 CVE STATUS: Patched CVE SUMMARY: ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 4.3 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7428 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7429 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7429 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7431 CVE STATUS: Patched CVE SUMMARY: NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7431 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7433 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7433 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-7434 CVE STATUS: Patched CVE SUMMARY: The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7434 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-9042 CVE STATUS: Patched CVE SUMMARY: An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. 
A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9042 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-9310 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9310 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-9311 CVE STATUS: Patched CVE DETAIL: fixed-version CVE DESCRIPTION: Yocto CVE check can not handle 'p' in ntp version CVE SUMMARY: ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9311 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2016-9312 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only applies on Windows CVE SUMMARY: ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9312 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6451 CVE STATUS: Patched CVE SUMMARY: The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6451 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6452 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6452 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6455 CVE STATUS: Patched CVE SUMMARY: NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6455 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6458 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. 
CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6458 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6459 CVE STATUS: Patched CVE SUMMARY: The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6459 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6460 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6460 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6462 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6462 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6463 CVE STATUS: Patched CVE SUMMARY: NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6463 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2017-6464 CVE STATUS: Patched CVE SUMMARY: NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6464 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-12327 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12327 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-7170 CVE STATUS: Patched CVE SUMMARY: ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. 
CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7170 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-7182 CVE STATUS: Patched CVE SUMMARY: The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7182 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-7183 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7183 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-7184 CVE STATUS: Patched CVE SUMMARY: ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7184 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-7185 CVE STATUS: Patched CVE SUMMARY: The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7185 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2018-8956 CVE STATUS: Patched CVE SUMMARY: ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8956 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2019-11331 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: inherent to RFC 5905 and cannot be fixed without breaking compatibility CVE SUMMARY: Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11331 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2019-8936 CVE STATUS: Patched CVE SUMMARY: NTP through 4.2.8p12 has a NULL Pointer Dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8936 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2020-11868 CVE STATUS: Patched CVE SUMMARY: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11868 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2020-13817 CVE STATUS: Patched CVE SUMMARY: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13817 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2020-15025 CVE STATUS: Patched CVE SUMMARY: ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15025 LAYER: meta-networking PACKAGE NAME: ntp PACKAGE VERSION: 4.2.8p17 CVE: CVE-2023-26551 CVE STATUS: Patched CVE SUMMARY: mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12049 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2020-35512 CVE STATUS: Patched CVE SUMMARY: A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35512 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2022-42010 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42010 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2022-42011 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42011 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2022-42012 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42012 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2023-34969 CVE STATUS: Patched CVE SUMMARY: D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34969 LAYER: meta PACKAGE NAME: libxcursor PACKAGE VERSION: 1_1.2.2 CVE: CVE-2013-2003 CVE STATUS: Patched CVE SUMMARY: Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2003 LAYER: meta PACKAGE NAME: libxcursor PACKAGE VERSION: 1_1.2.2 CVE: CVE-2015-9262 CVE STATUS: Patched CVE SUMMARY: _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9262 LAYER: meta PACKAGE NAME: libxcursor PACKAGE VERSION: 1_1.2.2 CVE: CVE-2017-16612 CVE STATUS: Patched CVE SUMMARY: libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16612 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2001-0408 CVE STATUS: Patched CVE SUMMARY: vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0408 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2001-0409 CVE STATUS: Patched CVE SUMMARY: vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0409 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2002-1377 CVE STATUS: Patched CVE SUMMARY: vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1377 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2004-1138 CVE STATUS: Patched CVE SUMMARY: VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1138 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2005-0069 CVE STATUS: Patched CVE SUMMARY: The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0069 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2005-2368 CVE STATUS: Patched CVE SUMMARY: vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2368 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2007-2438 CVE STATUS: Patched CVE SUMMARY: The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2438 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2007-2953 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2953 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2008-2712 CVE STATUS: Patched CVE SUMMARY: Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2712 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2008-3074 CVE STATUS: Patched CVE SUMMARY: The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3074
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2008-3075 CVE STATUS: Patched CVE SUMMARY: The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3075
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2008-3076 CVE STATUS: Patched CVE SUMMARY: The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3076
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2008-3294 CVE STATUS: Patched CVE SUMMARY: src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3294
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2008-3432 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3432
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2008-4101 CVE STATUS: Patched CVE SUMMARY: Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4101
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2008-6235 CVE STATUS: Patched CVE SUMMARY: The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6235
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2009-0316 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0316
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2016-1248 CVE STATUS: Patched CVE SUMMARY: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1248
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2017-1000382 CVE STATUS: Patched CVE SUMMARY: VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp"), resulting in files that may be world-readable or otherwise accessible in ways not intended by the user running the vi binary. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000382
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2017-11109 CVE STATUS: Patched CVE SUMMARY: Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11109
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2017-17087 CVE STATUS: Patched CVE SUMMARY: fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17087
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2017-5953 CVE STATUS: Patched CVE SUMMARY: vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5953
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2017-6349 CVE STATUS: Patched CVE SUMMARY: vim before patch 8.0.0377 does not properly validate values for tree length when reading a corrupted undo file, which may result in an integer overflow at a u_read_undo memory allocation site and resultant buffer overflows. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6349
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2017-6350 CVE STATUS: Patched CVE SUMMARY: vim before patch 8.0.0378 does not properly validate values for tree length when reading a corrupted undo file, which may result in an integer overflow at an unserialize_uep memory allocation site and resultant buffer overflows. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6350
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2019-12735 CVE STATUS: Patched CVE SUMMARY: getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12735
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2019-14957 CVE STATUS: Patched CVE SUMMARY: The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This XML file could be synchronized to a publicly accessible GitHub repository. NOTE: the affected product is the JetBrains IDE Vim-emulation plugin, not the vim editor, so this entry is most likely a name-based scanner match rather than an issue in the vim 9.1.0698 package. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14957
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2019-20079 CVE STATUS: Patched CVE SUMMARY: The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20079
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2019-20807 CVE STATUS: Patched CVE SUMMARY: In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20807
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2020-20703 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20703
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-28832 CVE STATUS: Patched CVE SUMMARY: VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration. NOTE: the affected product is the VSCodeVim extension for Visual Studio Code, not the vim editor, so this entry is most likely a name-based scanner match rather than an issue in the vim 9.1.0698 package. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28832
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-3236 CVE STATUS: Patched CVE SUMMARY: vim 8.2.2348 is affected by a null pointer dereference, which allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3236
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-3770 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3770
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-3778 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3778
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-3796 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.2 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3796
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-3872 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3872
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-3875 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3875
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-3903 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3903
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-3927 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3927
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-3928 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use of Uninitialized Variable CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3928
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-3968 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 8.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3968
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-3973 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3973
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-3974 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3974
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-3984 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3984
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-4019 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4019
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-4069 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4069
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-4136 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4136
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-4166 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Out-of-bounds Read CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4166
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-4173 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4173
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-4187 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4187
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-4192 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4192
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2021-4193 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Out-of-bounds Read CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4193
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0128 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Out-of-bounds Read CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0128
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0156 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Use After Free CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0156
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0158 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0158
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0213 CVE STATUS: Patched CVE SUMMARY: vim is vulnerable to Heap-based Buffer Overflow CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0213
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0261 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0261
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0318 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in vim/vim prior to 8.2. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0318
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0319 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in vim/vim prior to 8.2. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0319
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0351 CVE STATUS: Patched CVE SUMMARY: Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.4 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0351
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0359 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0359
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0361 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0361
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0368 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0368
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0392 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0392
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0393 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0393
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0407 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0407
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0408 CVE STATUS: Patched CVE SUMMARY: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0408
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0413 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0413
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0417 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0417
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0443 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0443
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0554 CVE STATUS: Patched CVE SUMMARY: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0554
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0572 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0572
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0629 CVE STATUS: Patched CVE SUMMARY: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0629
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0685 CVE STATUS: Patched CVE SUMMARY: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0685
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0696 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.2 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0696
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0714 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 8.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0714
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0729 CVE STATUS: Patched CVE SUMMARY: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0729
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-0943 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.4 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0943
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1154 CVE STATUS: Patched CVE SUMMARY: Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1154
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1160 CVE STATUS: Patched CVE SUMMARY: heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1160
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1381 CVE STATUS: Patched CVE SUMMARY: global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, bypassing a protection mechanism, modifying memory, and possibly enabling remote execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1381
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1420 CVE STATUS: Patched CVE SUMMARY: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1420
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1616 CVE STATUS: Patched CVE SUMMARY: Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, bypassing a protection mechanism, modifying memory, and possibly enabling remote execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1616
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1619 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerability is capable of crashing software, modifying memory, and possibly enabling remote execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1619
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1620 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901 allows attackers to cause a denial of service (application crash) via a crafted input. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1620
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1621 CVE STATUS: Patched CVE SUMMARY: Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, bypassing a protection mechanism, modifying memory, and possibly enabling remote execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1621
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1629 CVE STATUS: Patched CVE SUMMARY: Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, modifying memory, and possibly enabling remote execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1629
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1674 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938 allows attackers to cause a denial of service (application crash) via a crafted input. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1674
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1720 CVE STATUS: Patched CVE SUMMARY: Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, modifying memory, and possibly enabling remote execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1720
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1725 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1725
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1733 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1733
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1735 CVE STATUS: Patched CVE SUMMARY: Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1735
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1769 CVE STATUS: Patched CVE SUMMARY: Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1769
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1771 CVE STATUS: Patched CVE SUMMARY: Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1771
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1785 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1785
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1796 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 8.2.4979. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1796
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1851 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1851
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1886 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1886
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1897 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1897
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1898 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1898
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1927 CVE STATUS: Patched CVE SUMMARY: Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1927
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1942 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1942
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-1968 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1968
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2000 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2000
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2042 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2042
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2124 CVE STATUS: Patched CVE SUMMARY: Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2124
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2125 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2125
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2126 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2126
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2129 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2129
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2175 CVE STATUS: Patched CVE SUMMARY: Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2175
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2182 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2182 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2183 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2183 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2206 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2206 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2207 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2207 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2208 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2208 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2210 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2210 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2231 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2231 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2257 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2257 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2264 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2264 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2284 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2284 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2285 CVE STATUS: Patched CVE SUMMARY: Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2285 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2286 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2286 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2287 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2287 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2288 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2288 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2289 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2289 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2304 CVE STATUS: Patched CVE SUMMARY: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2304 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2343 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2343 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2344 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2344 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2345 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0046. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2345 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2522 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2522 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2571 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2571 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2580 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2580 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2581 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2581 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2598 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2598 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2816 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2816 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2817 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0213. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2817 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2819 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2819 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2845 CVE STATUS: Patched CVE SUMMARY: Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2845 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2849 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2849 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2862 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0221. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2862 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2874 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2874 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2889 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0225. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2889 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2923 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2923 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2946 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0246. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2946 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2980 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2980 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-2982 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0260. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2982 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3016 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0286. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3016 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3037 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0322. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3037 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3099 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0360. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3099 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3134 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0389. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3134 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3153 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.1 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3153 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3234 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3234 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3235 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0490. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3235 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3256 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0530. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3256 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3278 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3278 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3296 CVE STATUS: Patched CVE SUMMARY: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3296 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3297 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0579. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3297 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3324 CVE STATUS: Patched CVE SUMMARY: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3324 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3352 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0614. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3352 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3491 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3491 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3520 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3520 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3591 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0789. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3591 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-3705 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3705 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-4141 CVE STATUS: Patched CVE SUMMARY: Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4141 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-4292 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.0882. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4292 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-4293 CVE STATUS: Patched CVE SUMMARY: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4293 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2022-47024 CVE STATUS: Patched CVE SUMMARY: A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47024 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-0049 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0049 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-0051 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0051 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-0054 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0054 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-0288 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0288 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-0433 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0433 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-0512 CVE STATUS: Patched CVE SUMMARY: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0512 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-1127 CVE STATUS: Patched CVE SUMMARY: Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1127 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-1170 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1170 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-1175 CVE STATUS: Patched CVE SUMMARY: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1175 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-1264 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1264 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-1355 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.4 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1355 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-2426 CVE STATUS: Patched CVE SUMMARY: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2426 LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-2609 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2609
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-2610 CVE STATUS: Patched CVE SUMMARY: Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2610
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-3896 CVE STATUS: Patched CVE SUMMARY: Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3896
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-46246 CVE STATUS: Patched CVE SUMMARY: Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value, causing an integer overflow and potentially later a use-after-free. This vulnerability has been patched in version 9.0.2068. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-46246
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-4733 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.1840. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4733
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-4734 CVE STATUS: Patched CVE SUMMARY: Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4734
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-4735 CVE STATUS: Patched CVE SUMMARY: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4735
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-4736 CVE STATUS: Patched CVE SUMMARY: Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4736
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-4738 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4738
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-4750 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.1857. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4750
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-4751 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4751
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-4752 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to 9.0.1858. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4752
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-4781 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4781
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-48231 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. When closing a window, vim may try to access an already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48231
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-48232 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48232
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-48233 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48233
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-48234 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48234
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-48235 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48235
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-48236 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48236
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-48237 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of an integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48237
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-48706 CVE STATUS: Patched CVE SUMMARY: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes freeing of memory which may later be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work reliably only for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48706
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-5344 CVE STATUS: Patched CVE SUMMARY: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5344
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-5441 CVE STATUS: Patched CVE SUMMARY: NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.2 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5441
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2023-5535 CVE STATUS: Patched CVE SUMMARY: Use After Free in GitHub repository vim/vim prior to v9.0.2010. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5535
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2024-22667 CVE STATUS: Patched CVE SUMMARY: Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-22667
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2024-41957 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. Vim < v9.1.0647 has a double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However, a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-41957
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2024-41965 CVE STATUS: Patched CVE SUMMARY: Vim is an open source command line text editor. Double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.2 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-41965
LAYER: meta PACKAGE NAME: vim PACKAGE VERSION: 9.1.0698 CVE: CVE-2024-45306 CVE STATUS: Unpatched CVE SUMMARY: Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. It's not quite clear yet what can lead to this situation where the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed with the patch v9.1.0707. All users are advised to upgrade. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-45306
LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2012-1107 CVE STATUS: Patched CVE SUMMARY: The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1107
LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2012-1108 CVE STATUS: Patched CVE SUMMARY: The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1108
LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2012-1584 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1584
LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2017-12678 CVE STATUS: Patched CVE SUMMARY: In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12678
LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2018-11439 CVE STATUS: Patched CVE SUMMARY: The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11439
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2008-2935 CVE STATUS: Patched CVE SUMMARY: Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2935
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2011-1202 CVE STATUS: Patched CVE SUMMARY: The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1202
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2011-3970 CVE STATUS: Patched CVE SUMMARY: libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3970
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2012-2870 CVE STATUS: Patched CVE SUMMARY: libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2870
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2012-6139 CVE STATUS: Patched CVE SUMMARY: libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6139
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2013-4520 CVE STATUS: Patched CVE SUMMARY: xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4520
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2015-7995 CVE STATUS: Patched CVE SUMMARY: The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7995
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2015-9019 CVE STATUS: Patched CVE SUMMARY: In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9019
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-1683 CVE STATUS: Patched CVE SUMMARY: numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1683
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-1684 CVE STATUS: Patched CVE SUMMARY: numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1684
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-4607 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4607
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-4608 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4608
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-4609 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4609
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-4610 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4610
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2017-5029 CVE STATUS: Patched CVE SUMMARY: The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5029
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-11068 CVE STATUS: Patched CVE SUMMARY: libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11068
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-13117 CVE STATUS: Patched CVE SUMMARY: In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13117
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-13118 CVE STATUS: Patched CVE SUMMARY: In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13118
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-18197 CVE STATUS: Patched CVE SUMMARY: In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18197
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-5815 CVE STATUS: Patched CVE SUMMARY: Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5815
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2021-30560 CVE STATUS: Patched CVE SUMMARY: Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-30560
LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2022-29824 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: Static linking to libxml2 is not enabled. CVE SUMMARY: In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29824
LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2009-0784 CVE STATUS: Patched CVE SUMMARY: Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors. CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0784
LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2009-2911 CVE STATUS: Patched CVE SUMMARY: SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2911
LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2009-4273 CVE STATUS: Patched CVE SUMMARY: stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4273
LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2010-0411 CVE STATUS: Patched CVE SUMMARY: Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0411
LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2010-0412 CVE STATUS: Patched CVE SUMMARY: stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0412
LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2010-4170 CVE STATUS: Patched CVE SUMMARY: The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4170
LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2010-4171 CVE STATUS: Patched CVE SUMMARY: The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4171
LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2011-1769 CVE STATUS: Patched CVE SUMMARY: SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1769
LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2011-1781 CVE STATUS: Patched CVE SUMMARY: SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing). CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1781
LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2011-2502 CVE STATUS: Patched CVE SUMMARY: runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2502
LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2011-2503 CVE STATUS: Patched CVE SUMMARY: The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2503
LAYER: meta PACKAGE NAME: systemtap PACKAGE VERSION: 5.0 CVE: CVE-2012-0875 CVE STATUS: Patched CVE SUMMARY: SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0875
LAYER: meta PACKAGE NAME: findutils PACKAGE VERSION: 4.9.0 CVE: CVE-2001-1036 CVE STATUS: Patched CVE SUMMARY: GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1036
LAYER: meta PACKAGE NAME: findutils PACKAGE VERSION: 4.9.0 CVE: CVE-2007-2452 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2452
LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2003-1564 CVE STATUS: Patched CVE SUMMARY: libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-1564 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2004-0110 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0110 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2004-0989 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0989 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2008-3281 CVE STATUS: Patched CVE SUMMARY: libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3281 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2008-3529 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3529 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2008-4409 CVE STATUS: Patched CVE SUMMARY: libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4409 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2009-2414 CVE STATUS: Patched CVE SUMMARY: Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2414 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2009-2416 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2416 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2010-4008 CVE STATUS: Patched CVE SUMMARY: libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4008 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2010-4494 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4494 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2011-1944 CVE STATUS: Patched CVE SUMMARY: Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1944 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2012-0841 CVE STATUS: Patched CVE SUMMARY: libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0841 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2012-2871 CVE STATUS: Patched CVE SUMMARY: libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2871 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2012-5134 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5134 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2013-0338 CVE STATUS: Patched CVE SUMMARY: libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0338 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2013-0339 CVE STATUS: Patched CVE SUMMARY: libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0339 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2013-1969 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1969 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2013-2877 CVE STATUS: Patched CVE SUMMARY: parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2877 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2014-3660 CVE STATUS: Patched CVE SUMMARY: parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3660 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-5312 CVE STATUS: Patched CVE SUMMARY: The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5312 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-6837 CVE STATUS: Patched CVE SUMMARY: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6837 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-6838 CVE STATUS: Patched CVE SUMMARY: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6838 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-7497 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7497 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-7498 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7498 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-7499 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7499 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-7500 CVE STATUS: Patched CVE SUMMARY: The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7500 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-7941 CVE STATUS: Patched CVE SUMMARY: libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7941 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-7942 CVE STATUS: Patched CVE SUMMARY: The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7942 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-8035 CVE STATUS: Patched CVE SUMMARY: The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8035 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-8241 CVE STATUS: Patched CVE SUMMARY: The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. 
CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8241 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-8242 CVE STATUS: Patched CVE SUMMARY: The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8242 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-8317 CVE STATUS: Patched CVE SUMMARY: The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8317 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-8710 CVE STATUS: Patched CVE SUMMARY: The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8710 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2015-8806 CVE STATUS: Patched CVE SUMMARY: dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9047 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2017-9048 CVE STATUS: Patched CVE SUMMARY: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9048 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2017-9049 CVE STATUS: Patched CVE SUMMARY: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9049 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2017-9050 CVE STATUS: Patched CVE SUMMARY: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9050 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2018-14404 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14404 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2018-14567 CVE STATUS: Patched CVE SUMMARY: libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14567 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2018-9251 CVE STATUS: Patched CVE SUMMARY: The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9251 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2019-19956 CVE STATUS: Patched CVE SUMMARY: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19956 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2019-20388 CVE STATUS: Patched CVE SUMMARY: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20388 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2020-24977 CVE STATUS: Patched CVE SUMMARY: GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24977 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2020-7595 CVE STATUS: Patched CVE SUMMARY: xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7595 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2021-3517 CVE STATUS: Patched CVE SUMMARY: There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3517 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2021-3518 CVE STATUS: Patched CVE SUMMARY: There's a flaw in libxml2 in versions before 2.9.11. 
An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3518 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2021-3537 CVE STATUS: Patched CVE SUMMARY: A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3537 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2021-3541 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3541 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2022-23308 CVE STATUS: Patched CVE SUMMARY: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23308 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2022-29824 CVE STATUS: Patched CVE SUMMARY: In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29824 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2022-40303 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40303 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2022-40304 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40304
LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2023-28484 CVE STATUS: Patched CVE SUMMARY: In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28484
LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2023-29469 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29469
LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2023-39615 CVE STATUS: Patched CVE SUMMARY: Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-39615
LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2023-45322 CVE STATUS: Ignored CVE DETAIL: disputed CVE DESCRIPTION: issue requires memory allocation to fail CVE SUMMARY: libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45322
LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.8 CVE: CVE-2024-25062 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-25062
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2017-2888 CVE STATUS: Patched CVE SUMMARY: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2888
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12216 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12216
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12217 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12217
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12218 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12218
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12219 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.
There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12219
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12220 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12220
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12221 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12221
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12222 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12222
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-13616 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13616
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-14906 CVE STATUS: Patched CVE SUMMARY: A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages. SDL versions through 1.2.15 and 2.x through 2.0.9 have a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14906
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7572 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7572
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7573 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7573
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7574 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7574
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7575 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7575
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7576 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7576
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7577 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7577
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7578 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7578
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7635 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7635
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7636 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7636
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7637 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7637
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7638 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7638
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2020-14409 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14409
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2020-14410 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 5.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14410
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2021-33657 CVE STATUS: Patched CVE SUMMARY: There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash (denial of service) or execute code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33657
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2022-34568 CVE STATUS: Patched CVE SUMMARY: SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-34568
LAYER: meta PACKAGE NAME: libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2022-4743 CVE STATUS: Patched CVE SUMMARY: A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4743
LAYER: meta-oe PACKAGE NAME: fmt PACKAGE VERSION: 10.2.1 CVE: CVE-2018-1000052 CVE STATUS: Patched CVE SUMMARY: fmtlib versions prior to 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contain a memory corruption (SIGSEGV), CWE-134 vulnerability in the fmt::print() library function that can result in denial of service. The attack appears to be exploitable by specifying an invalid format specifier in the fmt::print() function, which results in a SIGSEGV (memory corruption, invalid write). This vulnerability appears to have been fixed in commit 8cf30aa2be256eba07bb1cefb998c52326e846e7. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000052
LAYER: meta-oe PACKAGE NAME: dhrystone PACKAGE VERSION: 2.1 CVE: CVE-2020-23026 CVE STATUS: Unpatched CVE SUMMARY: A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-23026
LAYER: meta PACKAGE NAME: man-db PACKAGE VERSION: 2.12.0 CVE: CVE-2015-1336 CVE STATUS: Patched CVE SUMMARY: The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1336
LAYER: meta PACKAGE NAME: man-db PACKAGE VERSION: 2.12.0 CVE: CVE-2018-25078 CVE STATUS: Patched CVE SUMMARY: man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.) CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25078
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2012-2666 CVE STATUS: Patched CVE SUMMARY: golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with a predictable name and executes it as a shell script. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2666
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2014-7189 CVE STATUS: Patched CVE SUMMARY: crypto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7189
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2015-5739 CVE STATUS: Patched CVE SUMMARY: The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5739
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2015-5740 CVE STATUS: Patched CVE SUMMARY: The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5740
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2015-5741 CVE STATUS: Patched CVE SUMMARY: The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5741
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2015-8618 CVE STATUS: Patched CVE SUMMARY: The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.
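The three net/http entries above (CVE-2015-5739, CVE-2015-5740, CVE-2015-5741) are the classic request-smuggling primitives: a header field name that is not a token, two Content-Length headers, and Content-Length next to Transfer-Encoding. Each is harmless on its own; the damage comes when two hops (a front proxy and an origin) resolve the ambiguity differently and one of them starts reading the next request from the middle of the body. The block below is an added example, not Go's parser, of flagging those ambiguities in a raw request, the kind of check a front proxy or fuzzing harness applies before a tolerant parser sees the bytes. The four sample requests are constructed for the example. The same class returns later in this list as CVE-2019-16276.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed raw requests (not captured traffic), one per ambiguity.
var samples = map[string]string{
	"clean":      "POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello",
	"space-name": "POST /upload HTTP/1.1\r\nHost: example.test\r\nContent Length: 5\r\n\r\nhello",
	"double-cl":  "POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\nContent-Length: 50\r\n\r\nhello",
	"cl-te":      "POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
}

// isToken reports whether name is an RFC 7230 token (one or more tchar).
// "Content Length" is not a token: a parser that normalises it into
// Content-Length frames the body differently from one that ignores it.
func isToken(name string) bool {
	if name == "" {
		return false
	}
	for i := 0; i < len(name); i++ {
		c := name[i]
		isAlnum := (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
		if !isAlnum && strings.IndexByte("!#$%&'*+-.^_`|~", c) < 0 {
			return false
		}
	}
	return true
}

// SmugglingFindings parses the header block of a raw HTTP/1.1 request and
// returns every framing ambiguity two hops could resolve differently.
// An empty result means the body length is unambiguous.
func SmugglingFindings(raw string) ([]string, error) {
	r := bufio.NewReader(strings.NewReader(raw))
	if _, err := r.ReadString('\n'); err != nil { // request line is not examined here
		return nil, err
	}
	var findings, lengths []string
	hasTE := false
	for {
		line, err := r.ReadString('\n')
		if err != nil {
			return nil, fmt.Errorf("header block not terminated: %w", err)
		}
		line = strings.TrimRight(line, "\r\n")
		if line == "" {
			break
		}
		name, value, ok := strings.Cut(line, ":")
		if !ok {
			findings = append(findings, "header line without colon: "+line)
			continue
		}
		if !isToken(name) {
			findings = append(findings, fmt.Sprintf("invalid header field name %q", name))
		}
		switch strings.ToLower(name) {
		case "content-length":
			lengths = append(lengths, strings.TrimSpace(value))
		case "transfer-encoding":
			hasTE = true
		}
	}
	for _, l := range lengths {
		if _, err := strconv.ParseUint(l, 10, 63); err != nil {
			findings = append(findings, "non-numeric Content-Length "+l)
		}
	}
	if len(lengths) > 1 {
		findings = append(findings, "multiple Content-Length headers: "+strings.Join(lengths, ", "))
	}
	if hasTE && len(lengths) > 0 {
		findings = append(findings, "both Transfer-Encoding and Content-Length present")
	}
	return findings, nil
}

func main() {
	for name, raw := range samples {
		f, err := SmugglingFindings(raw)
		fmt.Printf("%-10s %v %v\n", name, f, err)
	}
}
```

The right response to any finding is to reject the request outright (400) rather than pick an interpretation: the whole attack depends on two components picking different ones. The space-in-name case is reported only as an invalid name, deliberately; the validator does not guess that "Content Length" was meant as a length header, because that guess is exactly what the vulnerable parser made.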
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8618
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2016-3958 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3958
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2016-3959 CVE STATUS: Patched CVE SUMMARY: The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3959
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2016-5386 CVE STATUS: Patched CVE SUMMARY: The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
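httpoxy (CVE-2016-5386 above) is an RFC 3875 name collision: a CGI server exports request headers to the child as HTTP_<NAME> with the name upper-cased and hyphens turned into underscores, so a client-supplied "Proxy" header arrives as HTTP_PROXY, the variable that HTTP client libraries read for their outbound proxy. The block below is an added illustration in Go, not the code of net/http/cgi: the header-to-metavariable mapping with an explicit blocklist for variables that must never be derived from client input, plus an outbound client that never consults proxy settings from the environment at all. The request headers are constructed sample input and the blocklist content is an assumption for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// blockedMetaVars lists HTTP_* names that must never be derived from a request
// header because a child process reads them for its own configuration.
// (Assumption for this example: only the httpoxy variable is listed.)
var blockedMetaVars = map[string]bool{
	"HTTP_PROXY": true, // "Proxy:" request header would land here (CVE-2016-5386)
}

// CGIMetaVariables maps request headers to the HTTP_* metavariables a CGI
// child receives (RFC 3875 section 4.1.18). The transformation is the
// standard one: upper-case, '-' replaced by '_'. Anything whose derived name
// is on the blocklist is dropped; the server sets such variables itself or
// leaves them unset.
func CGIMetaVariables(h http.Header) []string {
	var env []string
	for name, values := range h {
		key := "HTTP_" + strings.ToUpper(strings.ReplaceAll(name, "-", "_"))
		if blockedMetaVars[key] {
			continue
		}
		env = append(env, key+"="+strings.Join(values, ", "))
	}
	sort.Strings(env) // deterministic order for logging and tests
	return env
}

// OutboundClient is for code that may itself run under a CGI-like
// environment: with Proxy set to nil the transport never reads HTTP_PROXY
// or HTTPS_PROXY, so an injected value cannot redirect its traffic.
func OutboundClient() *http.Client {
	return &http.Client{Transport: &http.Transport{Proxy: nil}}
}

func main() {
	// Constructed request headers, including an attacker-supplied Proxy header.
	h := http.Header{}
	h.Set("Accept", "*/*")
	h.Set("Proxy", "http://attacker.test:8080")
	h.Set("X-Forwarded-For", "10.0.0.1")
	for _, kv := range CGIMetaVariables(h) {
		fmt.Println(kv)
	}
}
```

Note that the blocklist is keyed on the derived variable name, not the header name, so header-name variants that normalise to the same HTTP_PROXY are all caught, while Proxy-Authorization (HTTP_PROXY_AUTHORIZATION) still passes through because it collides with nothing.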
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5386
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2017-1000097 CVE STATUS: Patched CVE SUMMARY: On Darwin, the user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000097
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2017-1000098 CVE STATUS: Patched CVE SUMMARY: The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000098
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2017-15041 CVE STATUS: Patched CVE SUMMARY: Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2.
If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15041
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2017-15042 CVE STATUS: Patched CVE SUMMARY: An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15042
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2017-8932 CVE STATUS: Patched CVE SUMMARY: A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to derive the correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
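For the smtp.PlainAuth entry above (CVE-2017-15042), the point of the fix is that the client's own TLS state, not the server's advertisement, decides whether PLAIN may be used: a man-in-the-middle can advertise anything it likes. Below is an added example of an smtp.Auth implementation that applies that rule before producing a single credential byte. It is not the standard library's PlainAuth (which has enforced the TLS check again since the fix) and, unlike it, makes no exception for connections to localhost. The ServerInfo values are constructed to stand in for what net/smtp passes after EHLO.

```go
package main

import (
	"errors"
	"fmt"
	"net/smtp"
)

// ErrCleartextAuth is returned before any credential byte is produced.
var ErrCleartextAuth = errors.New("refusing PLAIN auth on an unencrypted connection")

// tlsOnlyPlain implements smtp.Auth for SASL PLAIN (RFC 4616) and enforces
// the RFC 4954 rule on the client side: the mechanisms the server advertises
// do not decide whether it is safe to send the password; the TLS state does.
// Unlike smtp.PlainAuth it makes no exception for localhost.
type tlsOnlyPlain struct {
	identity, username, password string
}

// NewTLSOnlyPlainAuth returns an smtp.Auth usable with smtp.SendMail or Client.Auth.
func NewTLSOnlyPlainAuth(identity, username, password string) smtp.Auth {
	return tlsOnlyPlain{identity: identity, username: username, password: password}
}

// Start is called by net/smtp once EHLO has completed; server.TLS reports
// whether STARTTLS (or an implicit TLS dial) succeeded on this connection.
func (a tlsOnlyPlain) Start(server *smtp.ServerInfo) (string, []byte, error) {
	if !server.TLS {
		return "", nil, ErrCleartextAuth
	}
	advertised := false
	for _, m := range server.Auth {
		if m == "PLAIN" {
			advertised = true
		}
	}
	if !advertised {
		return "", nil, fmt.Errorf("server %s does not advertise PLAIN", server.Name)
	}
	// PLAIN initial response: authzid NUL authcid NUL passwd.
	resp := []byte(a.identity + "\x00" + a.username + "\x00" + a.password)
	return "PLAIN", resp, nil
}

// Next handles server continuation. PLAIN is one-shot, so any further
// challenge means the server is misbehaving and the exchange stops.
func (a tlsOnlyPlain) Next(fromServer []byte, more bool) ([]byte, error) {
	if more {
		return nil, errors.New("unexpected server challenge during PLAIN")
	}
	return nil, nil
}

func main() {
	auth := NewTLSOnlyPlainAuth("", "user", "s3cret")
	// Constructed server states; a real one comes from smtp.Client after EHLO.
	for _, info := range []*smtp.ServerInfo{
		{Name: "mitm.example.test", TLS: false, Auth: []string{"PLAIN"}},
		{Name: "mail.example.test", TLS: true, Auth: []string{"PLAIN", "LOGIN"}},
	} {
		proto, _, err := auth.Start(info)
		fmt.Printf("%s: proto=%q err=%v\n", info.Name, proto, err)
	}
}
```

The order of the checks matters: the TLS test comes first and returns before the credentials are even assembled, so a downgrade attempt produces an error on the client and nothing on the wire.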
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8932
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2018-16873 CVE STATUS: Patched CVE SUMMARY: In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it's possible to arrange things so that a Git repository is cloned to a folder named ".git" by using a vanity import path that ends with "/.git". If the Git repository root contains a "HEAD" file, a "config" file, an "objects" directory, a "refs" directory, with some work to ensure the proper ordering of operations, "go get -u" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the "config" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running "go get -u". CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16873
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2018-16874 CVE STATUS: Patched CVE SUMMARY: In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters).
Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16874
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2018-16875 CVE STATUS: Patched CVE SUMMARY: The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16875
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2018-6574 CVE STATUS: Patched CVE SUMMARY: Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6574
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2018-7187 CVE STATUS: Patched CVE SUMMARY: The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.
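The "go get" entries above (CVE-2017-15041, CVE-2018-16873, CVE-2018-16874, CVE-2018-6574, CVE-2018-7187) all come down to attacker-chosen strings reaching the toolchain unfiltered in one of two places: the import path (a ".git" path element, shell-style braces, a scheme separator that -insecure mode merely searched for as "://") and the compiler flags a fetched package hands to cgo (-fplugin=, -plugin=). The block below is an added example of the pre-flight checks a build pipeline can run on both before invoking the toolchain. It is not the go command's own logic, which today enforces its own import-path grammar and filters cgo flags through CGO_CFLAGS_ALLOW / CGO_CFLAGS_DISALLOW; the character and flag allowlists here are deliberately narrow assumptions chosen for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// importPathChars is a narrow allowlist (an assumption for this example, not
// the go command's grammar): letters, digits, '.', '_', '~', '-' and '/'.
var importPathChars = regexp.MustCompile(`^[A-Za-z0-9._~/-]+$`)

// CheckImportPath rejects import paths shaped like the ones the vulnerable
// "go get" mishandled: a scheme separator that -insecure mode passed on to
// the VCS command line, shell-style braces, and a ".git" path element that
// made a cloned repository look like a repository root.
func CheckImportPath(p string) error {
	if strings.Contains(p, "://") {
		return fmt.Errorf("%q: scheme separator in import path", p)
	}
	if strings.ContainsAny(p, "{}") {
		return fmt.Errorf("%q: braces in import path", p)
	}
	if !importPathChars.MatchString(p) {
		return fmt.Errorf("%q: character outside allowlist", p)
	}
	for _, el := range strings.Split(p, "/") {
		switch {
		case el == "":
			return fmt.Errorf("%q: empty path element", p)
		case el == "." || el == "..":
			return fmt.Errorf("%q: relative path element", p)
		case strings.EqualFold(el, ".git"):
			return fmt.Errorf("%q: VCS metadata directory as path element", p)
		}
	}
	return nil
}

// safeCgoFlag is an allowlist of flag shapes a build may pass to cgo
// (an assumption for this example). Anything else, including the
// -fplugin= / -plugin= forms that load an arbitrary shared object into the
// compiler process, is refused.
var safeCgoFlag = regexp.MustCompile(
	`^-(I[^\s]+|L[^\s]+|l[A-Za-z0-9._+-]+|D[A-Za-z_][A-Za-z0-9_]*(=[^\s]*)?|O[0-3s]?|std=[A-Za-z0-9+]+|W(all|extra|error))$`)

// CheckCgoFlags returns an error for the first flag that is not on the allowlist.
func CheckCgoFlags(flags []string) error {
	for _, f := range flags {
		if strings.HasPrefix(f, "-fplugin") || strings.HasPrefix(f, "-plugin") {
			return fmt.Errorf("cgo flag %q loads a compiler plugin", f)
		}
		if !safeCgoFlag.MatchString(f) {
			return fmt.Errorf("cgo flag %q not in allowlist", f)
		}
	}
	return nil
}

func main() {
	for _, p := range []string{"example.com/pkg1/pkg2", "example.com/pkg1/.git", "example.com/{a,b}/pkg", "example.com/pkg://x"} {
		fmt.Println(p, "->", CheckImportPath(p))
	}
	for _, fl := range [][]string{{"-I/usr/include", "-DDEBUG=1", "-O2"}, {"-fplugin=./evil.so"}} {
		fmt.Println(fl, "->", CheckCgoFlags(fl))
	}
}
```

Two design points carry over to any such filter: allowlists rather than denylists (the original -insecure check was a one-pattern denylist and that is exactly why it failed), and checking the flags a dependency supplies, not just the ones in your own build, since the malicious #cgo directive arrives in fetched source.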
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7187
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2019-11888 CVE STATUS: Patched CVE SUMMARY: Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11888
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2019-14809 CVE STATUS: Patched CVE SUMMARY: net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14809
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2019-16276 CVE STATUS: Patched CVE SUMMARY: Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16276
LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2019-17596 CVE STATUS: Patched CVE SUMMARY: Go before 1.12.11 and 1.13.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key.
There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17596 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2019-6486 CVE STATUS: Patched CVE SUMMARY: Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 8.2 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6486 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2019-9634 CVE STATUS: Patched CVE SUMMARY: Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9634 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2019-9741 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9741 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2020-0601 CVE STATUS: Patched CVE SUMMARY: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0601 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2020-14039 CVE STATUS: Patched CVE SUMMARY: In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14039 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2020-15586 CVE STATUS: Patched CVE SUMMARY: Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15586 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2020-16845 CVE STATUS: Patched CVE SUMMARY: Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16845 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2020-24553 CVE STATUS: Patched CVE SUMMARY: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24553 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2020-28362 CVE STATUS: Patched CVE SUMMARY: Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28362 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2020-28366 CVE STATUS: Patched CVE SUMMARY: Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. 
CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28366 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2020-28367 CVE STATUS: Patched CVE SUMMARY: Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28367 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2020-28851 CVE STATUS: Patched CVE SUMMARY: In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28851 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2020-29509 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: The encoding/xml package in go can potentially be used for security exploits if not used correctly CVE applies to a netapp product as well as flagging a general issue. We don't ship anything exposing this interface in an exploitable way CVE SUMMARY: The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29509 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2020-29510 CVE STATUS: Patched CVE SUMMARY: The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29510 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2020-29511 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: The encoding/xml package in go can potentially be used for security exploits if not used correctly CVE applies to a netapp product as well as flagging a general issue. We don't ship anything exposing this interface in an exploitable way CVE SUMMARY: The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29511 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2020-7919 CVE STATUS: Patched CVE SUMMARY: Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7919 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-27918 CVE STATUS: Patched CVE SUMMARY: encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27918 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-27919 CVE STATUS: Patched CVE SUMMARY: archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27919 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-29923 CVE STATUS: Patched CVE SUMMARY: Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29923 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-3114 CVE STATUS: Patched CVE SUMMARY: In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3114 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-3115 CVE STATUS: Patched CVE SUMMARY: Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3115 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-31525 CVE STATUS: Patched CVE SUMMARY: net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-31525 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-33194 CVE STATUS: Patched CVE SUMMARY: golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33194 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-33195 CVE STATUS: Patched CVE SUMMARY: Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33195 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-33196 CVE STATUS: Patched CVE SUMMARY: In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33196 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-33197 CVE STATUS: Patched CVE SUMMARY: In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33197 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-33198 CVE STATUS: Patched CVE SUMMARY: In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33198 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-34558 CVE STATUS: Patched CVE SUMMARY: The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-34558 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-36221 CVE STATUS: Patched CVE SUMMARY: Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-36221 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-38297 CVE STATUS: Patched CVE SUMMARY: Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38297 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-39293 CVE STATUS: Patched CVE SUMMARY: In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39293 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-41771 CVE STATUS: Patched CVE SUMMARY: ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41771 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-41772 CVE STATUS: Patched CVE SUMMARY: Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41772 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-44716 CVE STATUS: Patched CVE SUMMARY: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-44716 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2021-44717 CVE STATUS: Patched CVE SUMMARY: Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 4.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-44717 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-1705 CVE STATUS: Patched CVE SUMMARY: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1705 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-1962 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1962 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-23772 CVE STATUS: Patched CVE SUMMARY: Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23772 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-23773 CVE STATUS: Patched CVE SUMMARY: cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23773 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-23806 CVE STATUS: Patched CVE SUMMARY: Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23806 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-24675 CVE STATUS: Patched CVE SUMMARY: encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24675 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-24921 CVE STATUS: Patched CVE SUMMARY: regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24921 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-27536 CVE STATUS: Patched CVE SUMMARY: Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27536 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-27664 CVE STATUS: Patched CVE SUMMARY: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27664 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-28131 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28131 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-28327 CVE STATUS: Patched CVE SUMMARY: The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28327 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-2879 CVE STATUS: Patched CVE SUMMARY: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2879 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-2880 CVE STATUS: Patched CVE SUMMARY: Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2880 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-29526 CVE STATUS: Patched CVE SUMMARY: Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29526 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-29804 CVE STATUS: Patched CVE SUMMARY: Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29804 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-30580 CVE STATUS: Patched CVE SUMMARY: Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30580 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-30629 CVE STATUS: Patched CVE SUMMARY: Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30629 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-30630 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30630 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-30631 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30631 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-30632 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30632 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-30633 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30633 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-30634 CVE STATUS: Patched CVE SUMMARY: Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30634 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-30635 CVE STATUS: Patched CVE SUMMARY: Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30635 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-32148 CVE STATUS: Patched CVE SUMMARY: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32148 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-32189 CVE STATUS: Patched CVE SUMMARY: A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32189 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-32190 CVE STATUS: Patched CVE SUMMARY: JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32190 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-41715 CVE STATUS: Patched CVE SUMMARY: Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41715 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-41716 CVE STATUS: Patched CVE SUMMARY: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D". CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41716 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-41717 CVE STATUS: Patched CVE SUMMARY: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41717 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-41720 CVE STATUS: Patched CVE SUMMARY: On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. 
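CVE-2022-41716 above turns on a single unchecked NUL byte in an environment value. The following is an added example, not code from this page or from the Go project: a validation pass a program can run over an environment slice before handing it to os/exec.Cmd.Env, rejecting NUL bytes, entries that are not of the form KEY=value, and duplicate keys (an attacker-supplied entry that shadows one the program set). CheckEnv and the keyFold flag are names chosen for this example; keyFold models Windows, where variable names are case-insensitive. The "A=B\x00C=D" input is the advisory's own example payload.

```go
package main

import (
	"fmt"
	"strings"
)

// CheckEnv validates "KEY=value" entries before they are passed to os/exec.
// It rejects NUL bytes (which, on an unpatched Windows Go, split one entry
// into several variables), entries without "=", empty keys, and duplicate
// keys. keyFold should be true on Windows, where names are case-insensitive.
func CheckEnv(env []string, keyFold bool) error {
	seen := make(map[string]int, len(env))
	for i, kv := range env {
		if strings.IndexByte(kv, 0) >= 0 {
			return fmt.Errorf("env[%d]: contains NUL byte", i)
		}
		key, _, ok := strings.Cut(kv, "=")
		if !ok || key == "" {
			return fmt.Errorf("env[%d]: not of the form KEY=value: %q", i, kv)
		}
		if keyFold {
			key = strings.ToUpper(key)
		}
		if j, dup := seen[key]; dup {
			return fmt.Errorf("env[%d]: duplicate key %q (first set at env[%d])", i, key, j)
		}
		seen[key] = i
	}
	return nil
}

func main() {
	// Constructed inputs: the advisory's payload, a clean set, and a case-folded duplicate.
	fmt.Println(CheckEnv([]string{"PATH=/usr/bin", "A=B\x00C=D"}, false))
	fmt.Println(CheckEnv([]string{"A=B", "C=D"}, false))
	fmt.Println(CheckEnv([]string{"Path=/trusted", "PATH=/attacker"}, true))
}
```

Run the check on the final merged slice (os.Environ() plus anything added per request), since a duplicate is only visible once both halves are together.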
For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41720 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-41722 CVE STATUS: Patched CVE SUMMARY: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b". CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41722 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-41723 CVE STATUS: Patched CVE SUMMARY: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. 
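CVE-2022-41720 and CVE-2022-41722 above both come down to a name that looks relative but is not safe to open under a root: a Windows device name, or a path that filepath.Clean rewrites into "c:\b". The following is an added example, not code from this page or from the Go project, of the check a server can apply before opening an untrusted name inside an fs.FS such as os.DirFS or http.Dir. It combines fs.ValidPath (which rejects "", ".." elements, and leading slashes) with filepath.IsLocal, available since Go 1.20, which on Windows additionally rejects reserved device names and drive-qualified elements. OpenUnder, ReadUnder, ErrUnsafePath and the in-memory sampleRoot tree are names and inputs chosen for this example; "COM1" is the advisory's own example and is rejected by IsLocal only on Windows, so on other systems it simply fails to exist.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"io/fs"
	"path/filepath"
	"testing/fstest"
)

// ErrUnsafePath is returned for names that must not be resolved under the root.
var ErrUnsafePath = errors.New("unsafe path")

// OpenUnder opens name within root only if it is a safe, slash-separated
// relative path. fs.ValidPath rejects "", "." and ".." elements, empty
// elements and leading or trailing slashes; filepath.IsLocal (Go 1.20+)
// additionally rejects, on Windows, reserved device names such as COM1 or NUL
// and drive-qualified elements such as "c:", the shapes CVE-2022-41720 and
// CVE-2022-41722 abused.
func OpenUnder(root fs.FS, name string) (fs.File, error) {
	if !fs.ValidPath(name) || !filepath.IsLocal(filepath.FromSlash(name)) {
		return nil, fmt.Errorf("%w: %q", ErrUnsafePath, name)
	}
	return root.Open(name)
}

// ReadUnder is OpenUnder followed by reading the whole file.
func ReadUnder(root fs.FS, name string) ([]byte, error) {
	f, err := OpenUnder(root, name)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	return io.ReadAll(f)
}

// sampleRoot is a constructed in-memory tree standing in for os.DirFS("/srv/www") or http.Dir.
var sampleRoot = fstest.MapFS{
	"index.html":      {Data: []byte("<h1>hi</h1>")},
	"docs/readme.txt": {Data: []byte("constructed sample file")},
}

func main() {
	for _, name := range []string{"docs/readme.txt", "../etc/passwd", "/etc/passwd", "a/../c:/b", "COM1"} {
		_, err := ReadUnder(sampleRoot, name)
		fmt.Printf("%-16q -> err=%v\n", name, err)
	}
}
```

The same two checks apply to names handed to http.Dir-backed file servers; the point is that the filter runs on the untrusted name before any filesystem call, not on whatever Clean or DirFS made of it afterwards.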
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41723 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-41724 CVE STATUS: Patched CVE SUMMARY: Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41724 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2022-41725 CVE STATUS: Patched CVE SUMMARY: A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. 
However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41725 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-24532 CVE STATUS: Patched CVE SUMMARY: The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24532 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-24534 CVE STATUS: Patched CVE SUMMARY: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24534 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-24536 CVE STATUS: Patched CVE SUMMARY: Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. 
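CVE-2023-24532 above concerns P-256 ScalarMult and ScalarBaseMult returning a wrong point for some unreduced scalars, while crypto/ecdsa and crypto/ecdh are unaffected. The following is an added example, not code from this page or from the Go project, that turns the advisory into a check: for the curve's group order N, [k]G must equal [k mod N]G for every k, since [N]G is the identity. baseMultMatchesReduced tests exactly that through the deprecated crypto/elliptic API the advisory names, and ecdhRejectsScalar shows one reason crypto/ecdh is out of scope: its NewPrivateKey refuses any scalar that is not in [1, N-1]. Function names and the chosen scalars (N+5 and 2^256-1) are this example's own.

```go
package main

import (
	"crypto/ecdh"
	"crypto/elliptic"
	"fmt"
	"math/big"
)

// baseMultMatchesReduced reports whether P-256 ScalarBaseMult yields the same
// point for k and for k mod N. k must fit in 32 bytes so that crypto/elliptic
// passes it through without reducing it first.
func baseMultMatchesReduced(k *big.Int) bool {
	curve := elliptic.P256()
	n := curve.Params().N
	kBytes := k.FillBytes(make([]byte, 32)) // unreduced scalar, 32 bytes
	rBytes := new(big.Int).Mod(k, n).FillBytes(make([]byte, 32))
	x1, y1 := curve.ScalarBaseMult(kBytes)
	x2, y2 := curve.ScalarBaseMult(rBytes)
	return x1.Cmp(x2) == 0 && y1.Cmp(y2) == 0
}

// ecdhRejectsScalar reports whether crypto/ecdh refuses k as a P-256 private
// key. It does for k == 0 and for any k >= N, which is why the unreduced
// scalars in CVE-2023-24532 never reach its scalar multiplication.
func ecdhRejectsScalar(k *big.Int) bool {
	_, err := ecdh.P256().NewPrivateKey(k.FillBytes(make([]byte, 32)))
	return err != nil
}

func main() {
	n := elliptic.P256().Params().N
	unreduced := new(big.Int).Add(n, big.NewInt(5))
	fmt.Println("[N+5]G == [5]G:", baseMultMatchesReduced(unreduced))
	fmt.Println("ecdh rejects N+5:", ecdhRejectsScalar(unreduced))
	fmt.Println("ecdh rejects 5:  ", ecdhRejectsScalar(big.NewInt(5)))
}
```

A mismatch from baseMultMatchesReduced on a fixed toolchain would be a regression worth reporting; on an affected toolchain the advisory only promises that some specific unreduced scalars fail, so a passing check is not proof of a fixed build.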
The combination of these factors can permit an attacker to cause a program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24536 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-24537 CVE STATUS: Patched CVE SUMMARY: Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24537 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-24538 CVE STATUS: Patched CVE SUMMARY: The html/template package does not properly consider backticks (`) as JavaScript string delimiters, and does not escape them as expected.
Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary JavaScript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24538 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-24539 CVE STATUS: Patched CVE SUMMARY: Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24539 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-24540 CVE STATUS: Patched CVE SUMMARY: Not all valid JavaScript whitespace characters are considered to be whitespace.
Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24540 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-29400 CVE STATUS: Patched CVE SUMMARY: Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29400 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-29402 CVE STATUS: Patched CVE SUMMARY: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29402 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-29403 CVE STATUS: Patched CVE SUMMARY: On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. 
This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29403 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-29404 CVE STATUS: Patched CVE SUMMARY: The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29404 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-29405 CVE STATUS: Patched CVE SUMMARY: The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag.
This only affects usage of the gccgo compiler. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29405 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-29406 CVE STATUS: Patched CVE SUMMARY: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29406 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-29409 CVE STATUS: Patched CVE SUMMARY: Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29409 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.22.6 CVE: CVE-2023-39318 CVE STATUS: Patched CVE SUMMARY: The html/template package does not properly handle HTML-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in