Vulnerabilites related to redhat - enterprise_linux_for_arm_64
Vulnerability from fkie_nvd
Published
2024-03-18 13:15
Modified
2025-04-07 16:57
Severity ?
Summary
A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:4241 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:9185 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-7250 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2244707 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:4241 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-7250 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2244707 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| es | iperf3 | * | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 | |
| redhat | enterprise_linux_for_arm_64 | 9.0_aarch64 | |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x | |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:es:iperf3:*:*:*:*:*:*:*:*", matchCriteriaId: "960228C7-0351-4815-8EC0-6D612D65C040", versionEndExcluding: "3.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "FB056B47-1F45-4CE4-81F6-872F66C24C29", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.", }, { lang: "es", value: "Se encontró una falla en iperf, una utilidad para probar el rendimiento de la red mediante TCP, UDP y SCTP. Un cliente malicioso o que no funciona correctamente puede enviar menos cantidad de datos de la esperada al servidor iperf, lo que puede hacer que el servidor se cuelgue indefinidamente esperando el resto o hasta que se cierre la conexión. Esto evitará otras conexiones al servidor, lo que provocará una denegación de servicio.", }, ], id: "CVE-2023-7250", lastModified: "2025-04-07T16:57:33.430", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "secalert@redhat.com", type: "Primary", }, ], }, published: "2024-03-18T13:15:06.910", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4241", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:9185", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-7250", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2244707", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-7250", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2244707", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-183", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-16 20:15
Modified
2025-01-17 16:17
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*", matchCriteriaId: "79AD3D1F-9090-4939-8C82-E676C8C0FBC7", versionEndExcluding: "5.9.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:*:*", matchCriteriaId: "6B528C5D-0F72-4685-8516-257597E94AE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "D85E0DBA-A856-472A-8271-A4F37C35F952", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "DBF70805-7EBF-4731-83DB-D71F7A646B0F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:*:*:*:*:*:*:*", matchCriteriaId: "D650BFB9-4FDC-4311-8D7E-D981C8F4FA3B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2E068ABB-31C2-416E-974A-95E07A2BAB0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "069180B4-BA50-4AD0-8BA9-83F8005E58BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*", matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "CC6A25CB-907A-4D05-8460-A2488938A8BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*", matchCriteriaId: "FC7D8E93-D4BE-46E7-BDE7-843BF8A33162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*", matchCriteriaId: "18B7F648-9A31-4EE5-A215-C860616A4AB7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n", }, { lang: "es", value: "net-snmp proporciona varias herramientas relacionadas con el protocolo simple de administración de red. Antes de la versión 5.9.2, un usuario con credenciales de solo lectura podía usar un OID con formato incorrecto en un `GET-NEXT` de `nsVacmAccessTable` para provocar una desreferencia del puntero NULL. La versión 5.9.2 contiene un parche. Los usuarios deben utilizar credenciales SNMPv3 seguras y evitar compartirlas. Aquellos que deben utilizar SNMPv1 o SNMPv2c deben utilizar una cadena de comunidad compleja y mejorar la protección restringiendo el acceso a un rango de direcciones IP determinado.", }, ], id: "CVE-2022-24809", lastModified: "2025-01-17T16:17:30.873", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-16T20:15:09.033", references: [ { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105242", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-29", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5209", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-29", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5209", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-01 23:15
Modified
2025-04-11 14:55
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:isc:dhcpd:*:*:*:*:*:*:*:*", matchCriteriaId: "C9CECDA8-1A75-47BD-8799-3E411B392E22", versionEndExcluding: "4.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", matchCriteriaId: "3F797F2E-00E6-4D03-A94E-524227529A0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2FF1A19F-8A15-471A-B496-E1B4BA788356", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "EAD7EC1D-5979-42E6-9DA6-355B53431F3B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "AE49DCA5-1B01-4478-A1E9-2E87E948A0C1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "37B7CE5C-BFEA-4F96-9759-D511EF189059", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", matchCriteriaId: "566507B6-AC95-47F7-A3FB-C6F414E45F51", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", matchCriteriaId: "87C21FE1-EA5C-498F-9C6C-D05F91A88217", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*", matchCriteriaId: "00966AC5-1C84-4B5F-9665-5E99D4AEB3A2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "0D04F433-CB52-4F3D-8711-39D3BDA27FE3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "07332196-7E36-4E95-81BC-DD959629C1BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", matchCriteriaId: "B758EDC9-6421-422C-899E-A273D2936D8E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", matchCriteriaId: "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", matchCriteriaId: "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F505D098-2143-4218-A528-D92BFC017FFD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "96E5CEC7-D3B9-4895-96E9-E26D2ACF1AE3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "BB28CF82-799F-4A6E-B1DB-0AB423E6C05D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "D9C30C59-07F7-4CCE-B057-052ECCD36DB8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", matchCriteriaId: "37CE1DC7-72C5-483C-8921-0B462C8284D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "22D095ED-9247-4133-A133-73B7668565E4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", matchCriteriaId: "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", matchCriteriaId: "12A809B2-2771-4780-9E0D-6A7B4A534CFB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "3ADDB02D-F377-43CE-B0A8-FC6C7D5CFABC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "15D3CC6E-3A8F-4694-B3CC-0DB12A3E9A0F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E881C927-DF96-4D2E-9887-FF12E456B1FB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", matchCriteriaId: "FB096D5D-E8F6-4164-8B76-0217B7151D30", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", matchCriteriaId: "01ED4F33-EBE7-4C04-8312-3DA580EFFB68", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.", }, { lang: "es", value: "Se había presentado en una de las bibliotecas ISC BIND un error en una función que fue usada por dhcpd cuando operaba en modo DHCPv6. También hubo un error en dhcpd relacionado con el uso de esta función según su documentación, pero el error en la función library impide que esto causara algún daño. Todas las versiones de dhcpd de ISC contienen copias de esta y otras bibliotecas BIND en combinaciones que han sido probadas antes de su lanzamiento y se sabe que no presentan problemas como este. Algunos empaquetadores de terceros del software ISC de terceros han modificado la fuente dhcpd, la fuente BIND o la comparación de versiones de manera que crean el potencial bloqueo. Según los reportes disponibles para ISC, la probabilidad de bloqueo es grande y no ha sido realizado ningún análisis sobre cómo, o inclusive si, la probabilidad puede ser manipulada por parte un atacante. Afecta: Compilaciones de versiones de dhcpd anteriores a la versión 4.4.1 cuando se usan las versiones BIND 9.11.2 o posteriores, o versiones BIND con correcciones de bugs específicas que respaldaron. ISC no tiene acceso a listas completas de versiones para todos los reempaques de dhcpd que son vulnerables. En particular, las compilaciones de otros proveedores también pueden estar afectadas. Es recomendado que los operadores consulten la documentación de su proveedor.", }, ], id: "CVE-2019-6470", lastModified: "2025-04-11T14:55:14.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security-officer@isc.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-01T23:15:10.510", references: [ { source: "security-officer@isc.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2060", }, { source: "security-officer@isc.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3525", }, { source: "security-officer@isc.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2060", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3525", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html", }, ], sourceIdentifier: "security-officer@isc.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-16 20:15
Modified
2025-01-17 16:04
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*", matchCriteriaId: "79AD3D1F-9090-4939-8C82-E676C8C0FBC7", versionEndExcluding: "5.9.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:*:*", matchCriteriaId: "6B528C5D-0F72-4685-8516-257597E94AE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "D85E0DBA-A856-472A-8271-A4F37C35F952", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "DBF70805-7EBF-4731-83DB-D71F7A646B0F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:*:*:*:*:*:*:*", matchCriteriaId: "D650BFB9-4FDC-4311-8D7E-D981C8F4FA3B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2E068ABB-31C2-416E-974A-95E07A2BAB0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "069180B4-BA50-4AD0-8BA9-83F8005E58BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*", matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "CC6A25CB-907A-4D05-8460-A2488938A8BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*", matchCriteriaId: "FC7D8E93-D4BE-46E7-BDE7-843BF8A33162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*", matchCriteriaId: "18B7F648-9A31-4EE5-A215-C860616A4AB7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n", }, { lang: "es", value: "net-snmp proporciona varias herramientas relacionadas con el protocolo simple de administración de red. Antes de la versión 5.9.2, un desbordamiento del búfer en el manejo del `INDEX` de `NET-SNMP-VACM-MIB` puede provocar un acceso a la memoria fuera de los límites. Un usuario con credenciales de sólo lectura puede aprovechar el problema. La versión 5.9.2 contiene un parche. Los usuarios deben utilizar credenciales SNMPv3 seguras y evitar compartirlas. Aquellos que deben utilizar SNMPv1 o SNMPv2c deben utilizar una cadena de comunidad compleja y mejorar la protección restringiendo el acceso a un rango de direcciones IP determinado.", }, ], id: "CVE-2022-24805", lastModified: "2025-01-17T16:04:56.537", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-16T20:15:07.600", references: [ { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105238", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-29", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5209", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105238", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-29", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5209", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-10 18:15
Modified
2024-11-21 08:42
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "1D407A29-CAB0-425B-87B6-F2487FAE6B71", versionEndExcluding: "11.22", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "13B24306-F52A-47E4-A7E4-EA7E46F850EF", versionEndExcluding: "12.17", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "AA77ED73-60C6-4666-9355-7C28CD774001", versionEndExcluding: "13.13", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21", versionEndExcluding: "14.10", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "E8883865-D864-497D-B39C-90D3ACC6A932", versionEndExcluding: "15.5", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*", matchCriteriaId: "654E69F1-844B-4E32-9C3D-FA8032FB3A61", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "936B046D-ADEB-4701-8957-AC28CFA9C5C9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "56CE19E2-F92D-4C36-9319-E6CD4766D0D4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "056DABF5-0C1D-4EBA-B02B-443BACB20D6F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "02F08DBD-4BD0-408D-B817-04B2EB82137E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "CDE46FD5-B415-49B7-BF2D-E76D068C3920", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "09AAD850-019A-46B8-A5A1-845DE048D30A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "A4E39B04-D3E5-4106-8A8F-0C496FF9997F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "86034E5B-BCDD-4AFD-A460-38E790F608F5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "7F6967B4-C62B-4252-B5C3-50532B9EA3FB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "C2ED1251-245C-4390-8964-DDCAD54A8957", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", matchCriteriaId: "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", matchCriteriaId: "3F797F2E-00E6-4D03-A94E-524227529A0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "F7F8A347-0ACE-40E4-BF7B-656D66DDB425", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2148300C-ECBD-4ED5-A164-79629859DD43", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", matchCriteriaId: "B758EDC9-6421-422C-899E-A273D2936D8E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "26041661-0280-4544-AA0A-BC28FCED4699", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8BCF87FD-9358-42A5-9917-25DF0180A5A6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "7A584AAA-A14F-4C64-8FED-675DC36F69A3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "D9C30C59-07F7-4CCE-B057-052ECCD36DB8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "62D3FD78-5B63-4A1B-B4EE-9B098844691E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", matchCriteriaId: "37CE1DC7-72C5-483C-8921-0B462C8284D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.", }, { lang: "es", value: "Se encontró una falla en PostgreSQL que permite a los usuarios de bases de datos autenticados ejecutar código arbitrario al faltar verificaciones de desbordamiento durante la modificación del valor de la matriz SQL. Este problema existe debido a un desbordamiento de enteros durante la modificación de la matriz, donde un usuario remoto puede desencadenar el desbordamiento proporcionando datos especialmente manipulados. Esto permite la ejecución de código arbitrario en el sistema de destino, lo que permite a los usuarios escribir bytes arbitrarios en la memoria y leer ampliamente la memoria del servidor.", }, ], id: "CVE-2023-5869", lastModified: "2024-11-21T08:42:40.427", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-10T18:15:07.410", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7545", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7579", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7580", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7581", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7616", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7656", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7666", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7667", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7694", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7695", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7714", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7770", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7771", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7772", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7778", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7783", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7784", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7785", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7786", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7788", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7789", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7790", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7878", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7883", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7884", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7885", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0304", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0332", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0337", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5869", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247169", }, { source: "secalert@redhat.com", tags: [ "Release Notes", ], url: "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.postgresql.org/support/security/CVE-2023-5869/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7545", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7579", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7580", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7616", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7656", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7666", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7667", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7694", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7695", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7714", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7770", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7771", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7778", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7783", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7784", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7786", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7789", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7878", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7883", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7884", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0337", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5869", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240119-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.postgresql.org/support/security/CVE-2023-5869/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-17 13:15
Modified
2025-04-03 20:28
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
References
Impacted products
{ cisaActionDue: "2022-06-10", cisaExploitAdd: "2021-12-10", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Linux Kernel Improper Privilege Management Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "AA88B130-CD8A-4E14-A1F5-4D1DB031D60E", versionEndExcluding: "3.16.71", versionStartIncluding: "3.16.52", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "CD709672-0E6A-4086-8700-B6C2FDD8599C", versionEndExcluding: "4.2", versionStartIncluding: "4.1.39", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "19FB5FC5-740B-418F-B83A-3EA6095270C0", versionEndExcluding: "4.4.185", versionStartIncluding: "4.4.40", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "66431BA1-01B5-476A-B483-AE4E7B830BA7", versionEndExcluding: "4.9", versionStartIncluding: "4.8.16", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "8A719867-AEB7-4E95-A1DE-B96EA092D9FE", versionEndExcluding: "4.9.185", versionStartIncluding: "4.9.1", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "00D95A2F-5B17-46D9-80D7-2E0D1779C2CE", versionEndExcluding: "4.14.133", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F921620B-E2A7-421F-8C89-016C51723C17", versionEndExcluding: "4.19.58", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "7049E422-0D4B-45FD-8B06-04BACD44A66E", versionEndExcluding: "5.1.17", versionStartIncluding: "4.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", matchCriteriaId: "B3293E55-5506-4587-A318-D1734F781C09", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:7.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "AA559D29-DF65-48AF-96DB-D20A50474758", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2148300C-ECBD-4ED5-A164-79629859DD43", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*", matchCriteriaId: "CBF9BCF3-187F-410A-96CA-9C47D3ED6924", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*", matchCriteriaId: "782C86CD-1B68-410A-A096-E5170AD24DA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "77C61DDC-81F3-4E2D-9CAA-17A256C85443", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "B6B0DA79-DF12-4418-B075-F048C9E2979A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6D5DE3C5-B090-4CE7-9AF2-DEB379D7D5FC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "DF7275A1-8853-469E-939B-7533E9E8C499", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B92409A9-0D6B-4B7E-8847-1B63837D201F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "C5C5860E-9FEB-4259-92FD-A85911E2F99E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "CCE99A08-D6F7-4937-8154-65062BC88009", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "665DF1D3-EB88-4A17-B888-3B3CE298269B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", matchCriteriaId: "146A767F-DC04-454B-9913-17D3A2B5AAA4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.", }, { lang: "es", value: "En el kernel de Linux anterior a versión 5.1.17, ptrace_link en el archivo kernel/ptrace.c maneja inapropiadamente la grabación de las credenciales de un proceso que desea crear una relación de ptrace, que permite a los usuarios locales obtener acceso de root aprovechando determinados escenarios con un relación de proceso padre-hijo, donde un padre elimina los privilegios y llama a execve (permitiendo potencialmente el control por parte de un atacante). Un factor que contribuye es un problema de vida útil del objeto (que también puede causar un pánico). Otro factor que contribuye es el marcado incorrecto de una relación de ptrace como privilegiada, que puede ser explotada mediante (por ejemplo) el ayudante pkexec de Polkit con PTRACE_TRACEME. NOTA: deny_ptrace de SELinux puede ser una solución útil en algunos entornos.", }, ], id: "CVE-2019-13272", lastModified: "2025-04-03T20:28:35.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-07-17T13:15:10.687", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/33", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91025336", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&%3Butm_medium=RSS", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4093-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4094-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4095-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4117-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4118-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/33", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91025336", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4093-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4094-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4095-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4117-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4118-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4484", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-09 15:15
Modified
2025-04-10 22:15
Severity ?
Summary
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:buildah_project:buildah:-:*:*:*:*:*:*:*", matchCriteriaId: "9A0BE187-A047-44BB-A0EC-E91A6AF6DD60", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*", matchCriteriaId: "1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*", matchCriteriaId: "486B3F69-1551-4F8B-B25B-A5864248811B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*", matchCriteriaId: "4716808D-67EB-4E14-9910-B248A500FAFA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*", matchCriteriaId: "0EBB38E1-4161-402D-8A37-74D92891AAC5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*", matchCriteriaId: "F4B66318-326A-43E4-AF14-015768296E4E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "E25C58BA-4E10-4D6A-84C4-FB48A4185486", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "9A879F9F-F087-45D4-BD65-2990276477D2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "FB056B47-1F45-4CE4-81F6-872F66C24C29", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "26041661-0280-4544-AA0A-BC28FCED4699", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "62D3FD78-5B63-4A1B-B4EE-9B098844691E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "6C138DAF-9769-43B0-A9E6-320738EB3415", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "18037675-B4D3-401E-96D3-9EA3C1993920", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "3DA48001-66CC-4E71-A944-68D7D654031E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "CC6A25CB-907A-4D05-8460-A2488938A8BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "3C30F155-DF7D-4195-92D9-A5B80407228D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", matchCriteriaId: "FB096D5D-E8F6-4164-8B76-0217B7151D30", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", matchCriteriaId: "01ED4F33-EBE7-4C04-8312-3DA580EFFB68", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", matchCriteriaId: "083AAC55-E87B-482A-A1F4-8F2DEB90CB23", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*", matchCriteriaId: "1FD9BF0E-7ACF-4A83-B754-6E3979ED903F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*", matchCriteriaId: "18B7F648-9A31-4EE5-A215-C860616A4AB7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Buildah. Los montajes de caché no validan correctamente que las rutas especificadas por el usuario para el caché estén dentro de nuestro directorio de caché, lo que permite que una instrucción `RUN` en un archivo de contenedor monte un directorio arbitrario desde el host (lectura/escritura) en el contenedor siempre que el usuario que ejecuta Buildah pueda acceder a esos archivos.", }, ], id: "CVE-2024-9675", lastModified: "2025-04-10T22:15:16.910", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secalert@redhat.com", type: "Primary", }, ], }, published: "2024-10-09T15:15:17.837", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8563", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8675", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8679", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8686", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8690", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8700", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8703", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8707", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8708", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8709", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8846", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8984", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8994", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:9051", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:9454", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:9459", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2445", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2449", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2454", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2701", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2710", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:3301", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:3573", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2024-9675", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2317458", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-03 17:15
Modified
2024-11-21 08:35
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| redhat | codeready_linux_builder | 8.0 | |
| redhat | codeready_linux_builder_for_arm64 | 8.0_aarch64 | |
| redhat | codeready_linux_builder_for_power_little_endian | 8.0_ppc64le | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 | |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le | |
| redhat | enterprise_linux_for_real_time | 8.0 | |
| redhat | enterprise_linux_for_real_time_for_nfv | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "AB17AA82-730C-476D-952C-FC8A35009997", versionEndIncluding: "5.13.19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*", matchCriteriaId: "93A089E2-D66E-455C-969A-3140D991BAF4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "D206176C-6B2B-4BED-A3A2-AE39A41CB3C5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F791F846-7762-40E0-9056-032FD10F2046", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:*", matchCriteriaId: "5487EF77-D23A-4CC0-851C-E330B4485D8A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*", matchCriteriaId: "782C86CD-1B68-410A-A096-E5170AD24DA2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.", }, { lang: "es", value: "Se encontró una falla en pfn_swap_entry_to_page en el subsistema de administración de memoria del kernel de Linux. En esta falla, un atacante con privilegios de usuario local puede causar un problema de denegación de servicio debido a una declaración de ERROR que hace referencia a pmd_t x.\n", }, ], id: "CVE-2023-4732", lastModified: "2024-11-21T08:35:51.077", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-03T17:15:09.853", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7077", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7539", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0412", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-4732", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7077", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0412", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-4732", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236982", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-366", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-23 22:15
Modified
2024-11-21 08:42
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B91950D6-83A3-41D3-8739-9DD8A03F7CE6", versionEndExcluding: "6.1.75", versionStartIncluding: "6.1.13", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "AD4E15B4-2591-4A3A-B2A2-7FEAECD5027D", versionEndExcluding: "6.5.8", versionStartIncluding: "6.2", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", matchCriteriaId: "84267A4F-DBC2-444F-B41D-69E15E1BEC97", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", matchCriteriaId: "FB440208-241C-4246-9A83-C1715C0DAA6C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", matchCriteriaId: "0DC421F1-3D5A-4BEF-BF76-4E468985D20B", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", matchCriteriaId: "00AB783B-BE05-40E8-9A55-6AA457D95031", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*", matchCriteriaId: "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.6:rc6:*:*:*:*:*:*", matchCriteriaId: "E114E9DD-F7E1-40CC-AAD5-F14E586CB2E6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*", matchCriteriaId: "93A089E2-D66E-455C-969A-3140D991BAF4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*", matchCriteriaId: "2ABBAA9E-CCBA-480B-ABB5-454448D91262", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F9812B09-CC24-43F5-98E8-6D9EFE026E8A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "936B046D-ADEB-4701-8957-AC28CFA9C5C9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "2C4B0BD8-527F-4728-A64B-F8F06D5EDEC5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "D206176C-6B2B-4BED-A3A2-AE39A41CB3C5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "910C9542-26FC-4635-9351-128727971830", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.8_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "547DCB0A-32F0-4BC9-BCA4-EA50064DA5D6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "09AAD850-019A-46B8-A5A1-845DE048D30A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "88F9EB73-1F19-4BD9-AB19-36F9F1A5156E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "86034E5B-BCDD-4AFD-A460-38E790F608F5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "35232613-B8B5-4F4D-A6CD-3823C6666534", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F791F846-7762-40E0-9056-032FD10F2046", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "7B3D7389-35C1-48C4-A9EC-2564842723C4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "C9795CF6-CBEB-4FE4-BAAC-D9D514C6B5B6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "C2ED1251-245C-4390-8964-DDCAD54A8957", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "03A1BB59-4BE6-4339-ABB7-C18B7D899FB9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "9A879F9F-F087-45D4-BD65-2990276477D2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "FB056B47-1F45-4CE4-81F6-872F66C24C29", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "26041661-0280-4544-AA0A-BC28FCED4699", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:*", matchCriteriaId: "5487EF77-D23A-4CC0-851C-E330B4485D8A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.0:*:*:*:*:*:*:*", matchCriteriaId: "F8173AF8-110D-4503-AA50-1BA4F79622E6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*", matchCriteriaId: "782C86CD-1B68-410A-A096-E5170AD24DA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.0:*:*:*:*:*:*:*", matchCriteriaId: "6D583DDD-E84D-4180-A339-5467540DB9EC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", matchCriteriaId: "12A809B2-2771-4780-9E0D-6A7B4A534CFB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "CC6A25CB-907A-4D05-8460-A2488938A8BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.", }, { lang: "es", value: "Los cambios en el recuento de referencias realizados como parte de las correcciones CVE-2023-33951 y CVE-2023-33952 expusieron una falla de use-after-free en la forma en que se manejaban los objetos de memoria cuando se usaban para almacenar una superficie. Cuando se ejecuta dentro de un invitado de VMware con la aceleración 3D habilitada, un usuario local sin privilegios podría utilizar esta falla para aumentar sus privilegios.", }, ], id: "CVE-2023-5633", lastModified: "2024-11-21T08:42:09.727", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-23T22:15:09.430", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:0113", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:0134", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:0461", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1404", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4823", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4831", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5633", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245663", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:0113", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:0134", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:0461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1404", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4831", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245663", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-10 18:15
Modified
2024-11-21 08:42
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "1D407A29-CAB0-425B-87B6-F2487FAE6B71", versionEndExcluding: "11.22", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "13B24306-F52A-47E4-A7E4-EA7E46F850EF", versionEndExcluding: "12.17", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "AA77ED73-60C6-4666-9355-7C28CD774001", versionEndExcluding: "13.13", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21", versionEndExcluding: "14.10", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "E8883865-D864-497D-B39C-90D3ACC6A932", versionEndExcluding: "15.5", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*", matchCriteriaId: "654E69F1-844B-4E32-9C3D-FA8032FB3A61", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "936B046D-ADEB-4701-8957-AC28CFA9C5C9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "56CE19E2-F92D-4C36-9319-E6CD4766D0D4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "056DABF5-0C1D-4EBA-B02B-443BACB20D6F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "02F08DBD-4BD0-408D-B817-04B2EB82137E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "CDE46FD5-B415-49B7-BF2D-E76D068C3920", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "09AAD850-019A-46B8-A5A1-845DE048D30A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "A4E39B04-D3E5-4106-8A8F-0C496FF9997F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "86034E5B-BCDD-4AFD-A460-38E790F608F5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "7F6967B4-C62B-4252-B5C3-50532B9EA3FB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "C2ED1251-245C-4390-8964-DDCAD54A8957", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", matchCriteriaId: "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", matchCriteriaId: "3F797F2E-00E6-4D03-A94E-524227529A0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "F7F8A347-0ACE-40E4-BF7B-656D66DDB425", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", matchCriteriaId: "B758EDC9-6421-422C-899E-A273D2936D8E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "26041661-0280-4544-AA0A-BC28FCED4699", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "D9C30C59-07F7-4CCE-B057-052ECCD36DB8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "62D3FD78-5B63-4A1B-B4EE-9B098844691E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.", }, { lang: "es", value: "Se encontró una vulnerabilidad de divulgación de memoria en PostgreSQL que permite a usuarios remotos acceder a información confidencial explotando ciertas llamadas a funciones agregadas con argumentos de tipo \"desconocido\". El manejo de valores de tipo \"desconocido\" de cadenas literales sin designación de tipo puede revelar bytes, lo que potencialmente revela información importante y confidencial. Este problema existe debido a una salida excesiva de datos en llamadas a funciones agregadas, lo que permite a los usuarios remotos leer una parte de la memoria del sistema.", }, ], id: "CVE-2023-5868", lastModified: "2024-11-21T08:42:40.160", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-10T18:15:07.163", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7545", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7579", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7580", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7581", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7616", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7656", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7666", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7667", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7694", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7695", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7714", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7770", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7772", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7784", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7785", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7883", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7884", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7885", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0304", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0332", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0337", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5868", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247168", }, { source: "secalert@redhat.com", tags: [ "Release Notes", ], url: "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", }, { source: "secalert@redhat.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.postgresql.org/support/security/CVE-2023-5868/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7545", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7579", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7580", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7616", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7656", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7666", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7667", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7694", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7695", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7714", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7770", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7784", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7883", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7884", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0337", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5868", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247168", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240119-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.postgresql.org/support/security/CVE-2023-5868/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-686", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-15 05:15
Modified
2025-01-30 22:15
Severity ?
8.0 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Summary
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fedoraproject:unbound:*:*:*:*:*:*:*:*", matchCriteriaId: "42DC89D4-6DF0-4212-B5BA-56583F095047", versionEndExcluding: "1.19.1-2.fc40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*", matchCriteriaId: "2ABBAA9E-CCBA-480B-ABB5-454448D91262", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "936B046D-ADEB-4701-8957-AC28CFA9C5C9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "2C4B0BD8-527F-4728-A64B-F8F06D5EDEC5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "98638583-9933-42F2-964E-7F8E7CF36918", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "C0DE225E-E1B5-411E-B2E7-6201E09B9571", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "910C9542-26FC-4635-9351-128727971830", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "BE497FA8-F9F2-4C45-8CA5-919B205303CA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "88F9EB73-1F19-4BD9-AB19-36F9F1A5156E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "50321FD4-AD8E-4460-8820-25F7C4ECAC5D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "35232613-B8B5-4F4D-A6CD-3823C6666534", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "D85E0DBA-A856-472A-8271-A4F37C35F952", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "37B7CE5C-BFEA-4F96-9759-D511EF189059", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "FB056B47-1F45-4CE4-81F6-872F66C24C29", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2E068ABB-31C2-416E-974A-95E07A2BAB0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", matchCriteriaId: "B758EDC9-6421-422C-899E-A273D2936D8E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "ED521457-498F-4E43-B714-9A3F2C3CD09A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "D9C30C59-07F7-4CCE-B057-052ECCD36DB8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "BC54523F-1F6A-4F55-9B33-6C5A493B0541", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "6E645F29-0FE0-477F-969A-55F009AB018C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "6C138DAF-9769-43B0-A9E6-320738EB3415", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "18037675-B4D3-401E-96D3-9EA3C1993920", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "CC6A25CB-907A-4D05-8460-A2488938A8BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "3C30F155-DF7D-4195-92D9-A5B80407228D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Unbound debido a permisos predeterminados incorrectos, lo que permite que cualquier proceso fuera del grupo independiente modifique la configuración del tiempo de ejecución independiente. Si un proceso puede conectarse a través de localhost al puerto 8953, puede alterar la configuración de unbound.service. Esta falla permite que un atacante sin privilegios manipule una instancia en ejecución, alterando potencialmente a los reenviadores, permitiéndoles rastrear todas las consultas enviadas por el solucionador local y, en algunos casos, interrumpiendo la resolución por completo.", }, ], id: "CVE-2024-1488", lastModified: "2025-01-30T22:15:09.037", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 5.5, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-15T05:15:10.257", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1750", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1751", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1780", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1801", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1802", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1804", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:2587", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:2696", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:0837", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2024-1488", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264183", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1750", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1780", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1801", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:1804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:2587", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:2696", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2024-1488", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264183", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-276", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-276", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-16 20:15
Modified
2025-01-17 16:16
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*", matchCriteriaId: "79AD3D1F-9090-4939-8C82-E676C8C0FBC7", versionEndExcluding: "5.9.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:*:*", matchCriteriaId: "6B528C5D-0F72-4685-8516-257597E94AE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "D85E0DBA-A856-472A-8271-A4F37C35F952", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "DBF70805-7EBF-4731-83DB-D71F7A646B0F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:*:*:*:*:*:*:*", matchCriteriaId: "D650BFB9-4FDC-4311-8D7E-D981C8F4FA3B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2E068ABB-31C2-416E-974A-95E07A2BAB0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "069180B4-BA50-4AD0-8BA9-83F8005E58BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*", matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "CC6A25CB-907A-4D05-8460-A2488938A8BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*", matchCriteriaId: "FC7D8E93-D4BE-46E7-BDE7-843BF8A33162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*", matchCriteriaId: "18B7F648-9A31-4EE5-A215-C860616A4AB7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n", }, { lang: "es", value: "net-snmp proporciona varias herramientas relacionadas con el protocolo simple de administración de red. Antes de la versión 5.9.2, un usuario con credenciales de lectura y escritura podía utilizar un OID con formato incorrecto en una solicitud `SET` a `NET-SNMP-AGENT-MIB::nsLogTable` para provocar una desreferencia del puntero NULL. La versión 5.9.2 contiene un parche. Los usuarios deben utilizar credenciales SNMPv3 seguras y evitar compartirlas. Aquellos que deben utilizar SNMPv1 o SNMPv2c deben utilizar una cadena de comunidad compleja y mejorar la protección restringiendo el acceso a un rango de direcciones IP determinado.", }, ], id: "CVE-2022-24808", lastModified: "2025-01-17T16:16:28.860", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-16T20:15:08.840", references: [ { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105240", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-29", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5209", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105240", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-29", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5209", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-12 14:15
Modified
2024-11-21 08:44
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:3267 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:9281 | ||
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-6681 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2260843 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:3267 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-6681 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2260843 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| latchset | jwcrypto | * | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux_for_arm_64 | 8.0 | |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0 | |
| redhat | enterprise_linux_for_power_little_endian | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:latchset:jwcrypto:*:*:*:*:*:*:*:*", matchCriteriaId: "017B326C-B6EA-4E6C-8CDD-4651FBAC0146", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", matchCriteriaId: "3F797F2E-00E6-4D03-A94E-524227529A0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", matchCriteriaId: "87C21FE1-EA5C-498F-9C6C-D05F91A88217", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.", }, { lang: "es", value: "Se encontró una vulnerabilidad en JWCrypto. Esta falla permite que un atacante provoque un ataque de denegación de servicio (DoS) y posibles ataques de fuerza bruta y diccionario de contraseñas que consuman más recursos. Este problema puede resultar en una gran cantidad de consumo computacional, provocando un ataque de denegación de servicio.", }, ], id: "CVE-2023-6681", lastModified: "2024-11-21T08:44:20.090", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-12T14:15:08.003", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:3267", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:9281", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-6681", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260843", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:3267", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-6681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260843", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-16 20:15
Modified
2025-01-17 16:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*", matchCriteriaId: "79AD3D1F-9090-4939-8C82-E676C8C0FBC7", versionEndExcluding: "5.9.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:*:*", matchCriteriaId: "6B528C5D-0F72-4685-8516-257597E94AE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "D85E0DBA-A856-472A-8271-A4F37C35F952", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "DBF70805-7EBF-4731-83DB-D71F7A646B0F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:*:*:*:*:*:*:*", matchCriteriaId: "D650BFB9-4FDC-4311-8D7E-D981C8F4FA3B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2E068ABB-31C2-416E-974A-95E07A2BAB0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "069180B4-BA50-4AD0-8BA9-83F8005E58BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*", matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "CC6A25CB-907A-4D05-8460-A2488938A8BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*", matchCriteriaId: "FC7D8E93-D4BE-46E7-BDE7-843BF8A33162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*", matchCriteriaId: "18B7F648-9A31-4EE5-A215-C860616A4AB7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n", }, { lang: "es", value: "net-snmp proporciona varias herramientas relacionadas con el protocolo simple de administración de red. Antes de la versión 5.9.2, un OID con formato incorrecto en una solicitud SET a `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` puede provocar un acceso a la memoria fuera de los límites. Un usuario con credenciales de lectura y escritura puede aprovechar el problema. La versión 5.9.2 contiene un parche. Los usuarios deben utilizar credenciales SNMPv3 seguras y evitar compartirlas. Aquellos que deben utilizar SNMPv1 o SNMPv2c deben utilizar una cadena de comunidad compleja y mejorar la protección restringiendo el acceso a un rango de direcciones IP determinado.", }, ], id: "CVE-2022-24807", lastModified: "2025-01-17T16:15:01.270", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-16T20:15:08.647", references: [ { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105239", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-29", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5209", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105239", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-29", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5209", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-18 17:15
Modified
2024-11-21 08:35
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
Summary
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", matchCriteriaId: "9B07E72A-FA10-49C2-BBE3-468AF836A462", versionEndExcluding: "2.39", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "936B046D-ADEB-4701-8957-AC28CFA9C5C9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "98638583-9933-42F2-964E-7F8E7CF36918", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "056DABF5-0C1D-4EBA-B02B-443BACB20D6F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "910C9542-26FC-4635-9351-128727971830", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "09AAD850-019A-46B8-A5A1-845DE048D30A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "86034E5B-BCDD-4AFD-A460-38E790F608F5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "9A879F9F-F087-45D4-BD65-2990276477D2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*", matchCriteriaId: "AA1F902F-1AD5-489F-B420-A3574D1880B9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*", matchCriteriaId: "EEAC443B-622E-49FB-8C0F-2864B7EF5F80", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "ED521457-498F-4E43-B714-9A3F2C3CD09A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "CC6A25CB-907A-4D05-8460-A2488938A8BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "22D28543-C7C5-46B0-B909-20435AF7A501", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", }, { lang: "es", value: "Se encontró una falla en glibc. Cuando se llama a la función getaddrinfo con la familia de direcciones AF_UNSPEC y el sistema está configurado con el modo no-aaaa a través de /etc/resolv.conf, una respuesta DNS a través de TCP de más de 2048 bytes puede potencialmente revelar el contenido de la pila de memoria a través de los datos de la dirección devuelta por la función, y puede provocar un crash.", }, ], id: "CVE-2023-4527", lastModified: "2024-11-21T08:35:21.017", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 4.2, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-18T17:15:55.067", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5453", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5455", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-4527", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2234712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2023/09/25/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5455", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-4527", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2234712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202310-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20231116-0012/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-01 13:15
Modified
2025-04-24 19:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "1102FFF5-77B1-400E-93F8-AC6CFE2CC93C", versionEndExcluding: "4.4", vulnerable: true, }, { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "EC13B91D-82A4-48B1-83AB-EC129C83D316", versionEndExcluding: "9.8", versionStartIncluding: "8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:openbsd:openssh:4.4:-:*:*:*:*:*:*", matchCriteriaId: "4C37CBBB-A4AA-40D0-9609-0620FDC12BA8", vulnerable: true, }, { criteria: "cpe:2.3:a:openbsd:openssh:8.5:p1:*:*:*:*:*:*", matchCriteriaId: "7945F60B-460E-4CA6-9EB4-BEE663386D50", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", matchCriteriaId: "932D137F-528B-4526-9A89-CD59FA1AB0FE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "FB056B47-1F45-4CE4-81F6-872F66C24C29", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_micro:6.0:*:*:*:*:*:*:*", matchCriteriaId: "09F471C6-69AF-4E78-8143-17E783C80B9F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", matchCriteriaId: "359012F1-2C63-415A-88B8-6726A87830DE", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*", matchCriteriaId: "47842532-D2B6-44CB-ADE2-4AC8630A4D8C", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:lts:*:*:*", matchCriteriaId: "21538C5B-A130-411E-B5F7-BBBA4C9D488A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:amazon:linux_2023:-:*:*:*:*:*:*:*", matchCriteriaId: "5D4BE4FC-249C-4B58-9513-BF482444CB64", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "C2D814BE-93EC-42EF-88C5-EA7E7DF07BE5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*", matchCriteriaId: "A87EFA20-DD6B-41C5-98FD-A29F67D2E732", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*", matchCriteriaId: "2888B0C1-4D85-42EC-9696-03FAD0A9C28F", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.2:p10:*:*:*:*:*:*", matchCriteriaId: "556F4943-7BA4-4E09-94B3-4515DC3C7807", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.2:p11:*:*:*:*:*:*", matchCriteriaId: "6AFEC561-D79B-498B-B59D-1D82B21BDF1A", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*", matchCriteriaId: "A3306F11-D3C0-41D6-BB5E-2ABDC3927715", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*", matchCriteriaId: "9E584FE1-3A34-492B-B10F-508DA7CBA768", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*", matchCriteriaId: "A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*", matchCriteriaId: "761B4382-E857-4868-9F80-189B7F60256B", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*", matchCriteriaId: "51B17801-15FD-4425-BA6C-BE06B14F1BFE", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.2:p7:*:*:*:*:*:*", matchCriteriaId: "E9CAFF74-AD36-4D29-83F3-23E0417C485D", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.2:p8:*:*:*:*:*:*", matchCriteriaId: "1B2D2A82-BFFE-45FE-9F79-4AF12C6DE69D", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.2:p9:*:*:*:*:*:*", matchCriteriaId: "E7A81663-047E-4328-BE3A-CF65AB55B29F", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:*", matchCriteriaId: "17DAE911-21E1-4182-85A0-B9F0059DDA7F", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*", matchCriteriaId: "ABEA48EC-24EA-4106-9465-CE66B938635F", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*", matchCriteriaId: "8DFB5BD0-E777-4CAA-B2E0-3F3357D06D01", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*", matchCriteriaId: "BC8C769C-A23E-4F61-AC42-4DA64421B096", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*", matchCriteriaId: "FA25530A-133C-4D7C-8993-D5C42D79A0B5", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*", matchCriteriaId: "DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*", matchCriteriaId: "69A72B5A-2189-4700-8E8B-1E5E7CA86C40", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*", matchCriteriaId: "5771F187-281B-4680-B562-EFC7441A8F88", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*", matchCriteriaId: "0A4437F5-9DDA-4769-974E-23BFA085E0DB", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*", matchCriteriaId: "A9C3A3D4-C9F4-41EB-B532-821AF83470B1", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*", matchCriteriaId: "878A1F0A-087F-47D7-9CA5-A54BB8D6676A", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*", matchCriteriaId: "CE73CDC3-B5A7-4921-89C6-8F9DC426CB3E", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*", matchCriteriaId: "50A5E650-31FB-45BE-8827-641B58A83E45", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*", matchCriteriaId: "038E5B85-7F60-4D71-8D3F-EDBF6E036CE0", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*", matchCriteriaId: "BF309824-D379-4749-A1FA-BCB2987DD671", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:*", matchCriteriaId: "79D770C6-7A57-4A49-8164-C55391F62301", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*", matchCriteriaId: "AA813990-8C8F-4EE8-9F2B-9F73C510A7B2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*", matchCriteriaId: "A6A2EBE8-012E-470E-9E56-56ACBE345F78", versionEndIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", }, { lang: "es", value: "Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anteriores de OpenSSH), luego se llama al controlador SIGALRM de sshd de forma asincrónica. Sin embargo, este controlador de señales llama a varias funciones que no son seguras para señales asíncronas, por ejemplo, syslog().", }, ], id: "CVE-2024-6387", lastModified: "2025-04-24T19:15:46.257", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-01T13:15:06.467", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4312", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4340", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4389", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4469", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4474", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4479", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4484", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2024-6387", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2294604", }, { source: "secalert@redhat.com", url: "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://www.openssh.com/txt/release-9.8", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/01/12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/01/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/02/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/03/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/03/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/03/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/03/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/03/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/03/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/04/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/04/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/08/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/08/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/09/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/09/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/10/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/10/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/10/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/10/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/10/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/11/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/11/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/23/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/23/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/28/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/28/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4340", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4389", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4469", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4479", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:4484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2024-6387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2294604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://explore.alas.aws.amazon.com/CVE-2024-6387.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/AlmaLinux/updates/issues/629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/Azure/AKS/issues/4379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2249", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/microsoft/azurelinux/issues/9555", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/oracle/oracle-linux/issues/149", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/rapier1/hpn-ssh/issues/87", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/zgzhang/cve-2024-6387-poc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://news.ycombinator.com/item?id=40843778", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://packetstorm.news/files/id/190587/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security-tracker.debian.org/tracker/CVE-2024-6387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240701-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://sig-security.rocky.page/issues/CVE-2024-6387/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/kb/HT214118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/kb/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/kb/HT214120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://ubuntu.com/security/CVE-2024-6387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://ubuntu.com/security/notices/USN-6859-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/52269", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://www.openssh.com/txt/release-9.8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.suse.com/security/cve/CVE-2024-6387.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.theregister.com/2024/07/01/regresshion_openssh/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-364", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-23 11:15
Modified
2024-11-21 08:18
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:subscription-manager:*:*:*:*:*:*:*:*", matchCriteriaId: "920623D9-21D8-4EC5-B2F1-02504B3C60FA", versionEndExcluding: "1.28.39", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:subscription-manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C4E20528-67BC-4A50-9E9D-1A389BFFFAE9", versionEndExcluding: "1.29.37", versionStartIncluding: "1.29.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", matchCriteriaId: "3F797F2E-00E6-4D03-A94E-524227529A0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:*:*", matchCriteriaId: "6B528C5D-0F72-4685-8516-257597E94AE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2:*:*:*:*:*:*:*", matchCriteriaId: "2D1E1C3E-0188-43C3-8911-858B5D7A2965", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "3EFBEEE7-8BC5-4F4E-8EFA-42A6743152BB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "83981111-E13A-4A88-80FD-F63D7CCAA47F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "6AAF4A69-A4CC-409E-BC05-FABAE86321B2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "78825319-8A45-4880-B7C4-2B223029DDD3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", matchCriteriaId: "566507B6-AC95-47F7-A3FB-C6F414E45F51", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", matchCriteriaId: "87C21FE1-EA5C-498F-9C6C-D05F91A88217", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:*:*:*:*:*:*:*", matchCriteriaId: "D650BFB9-4FDC-4311-8D7E-D981C8F4FA3B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2:*:*:*:*:*:*:*", matchCriteriaId: "C415CABF-E1C4-4E95-9424-AEEEAFF1CAE7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "9EF5C4AC-CA69-41E3-AD93-7AC21931374A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "83364F5C-57F4-4D57-B54F-540CAC1D7753", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B6C30A81-BF75-46CC-A05E-42BAF271D1C4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "213A5029-FCF9-4EA9-AEF9-21313F6DCBD8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", matchCriteriaId: "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", matchCriteriaId: "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*", matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "A49ABD84-6755-4894-AD4E-49AAD39933C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "868A6ED7-44DD-44FF-8ADD-9971298A1175", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "71DDE212-1018-4554-9C06-4908442DE134", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", matchCriteriaId: "37CE1DC7-72C5-483C-8921-0B462C8284D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "22D095ED-9247-4133-A133-73B7668565E4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", matchCriteriaId: "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", matchCriteriaId: "12A809B2-2771-4780-9E0D-6A7B4A534CFB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", matchCriteriaId: "492DF629-16B8-4882-822D-A6897B03DD30", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*", matchCriteriaId: "FE4AEBCB-B1E6-4A6A-9E8C-DDC5A003BCB9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", matchCriteriaId: "BE1A81A1-63EC-431C-9CBC-8D28C15AB3E5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*", matchCriteriaId: "FC7D8E93-D4BE-46E7-BDE7-843BF8A33162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "3ADDB02D-F377-43CE-B0A8-FC6C7D5CFABC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "15D3CC6E-3A8F-4694-B3CC-0DB12A3E9A0F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E881C927-DF96-4D2E-9887-FF12E456B1FB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", matchCriteriaId: "FB096D5D-E8F6-4164-8B76-0217B7151D30", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", matchCriteriaId: "01ED4F33-EBE7-4C04-8312-3DA580EFFB68", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", }, ], id: "CVE-2023-3899", lastModified: "2024-11-21T08:18:19.280", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-23T11:15:07.573", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4701", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4702", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4703", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4704", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4705", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4706", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4707", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4708", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-3899", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2225407", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4701", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4702", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4704", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4705", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4706", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4707", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:4708", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-3899", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2225407", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJHKSBBZRDFOBNDU35FUKMYQIQYT6UJQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDIHGNLS3TZVX7X2F735OKI4KXPY4AH6/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-15 16:15
Modified
2025-04-03 02:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*", matchCriteriaId: "40449571-22F8-44FA-B57B-B43F71AB25E2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*", matchCriteriaId: "1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*", matchCriteriaId: "486B3F69-1551-4F8B-B25B-A5864248811B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*", matchCriteriaId: "4716808D-67EB-4E14-9910-B248A500FAFA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*", matchCriteriaId: "0EBB38E1-4161-402D-8A37-74D92891AAC5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*", matchCriteriaId: "F4B66318-326A-43E4-AF14-015768296E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:*", matchCriteriaId: "E52D8667-D64B-4E4D-972F-089A2D834C34", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:*:*:*:*:*:*:*", matchCriteriaId: "226AD7DB-D8CB-45A3-97AE-3FE79774133E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:*:*:*:*:*:*:*", matchCriteriaId: "1B361729-2847-4FE1-9503-BF9FA81307C5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:*:*:*:*:*:*:*", matchCriteriaId: "FA5959A2-F48B-449B-89AD-ECDE9E5418E6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16:*:*:*:*:*:*:*", matchCriteriaId: "D3056B67-E5C4-40A0-86BF-1D9E6637B13F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.12:*:*:*:*:*:*:*", matchCriteriaId: "352D5845-975E-4B7F-A44D-4F99D43450BC", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:*:*:*:*:*:*:*", matchCriteriaId: "08B9C7A4-4D65-4771-B92D-914C9C9A6C4A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:*:*:*:*:*:*:*", matchCriteriaId: "99ADC66F-3B19-4767-B876-67BA1C8D195B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:*:*:*:*:*:*:*", matchCriteriaId: "E4F24706-3DF4-49D0-870D-39D4FC02CF4A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.16:*:*:*:*:*:*:*", matchCriteriaId: "F1C47559-7265-4185-84B5-D8D2B177E08A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:*", matchCriteriaId: "1E5E9340-DD85-4B10-9A1D-9021C95229A9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:*:*:*:*:*:*:*", matchCriteriaId: "BDD2E6ED-9BDE-404B-AD0D-F78D69B13B34", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:*:*:*:*:*:*:*", matchCriteriaId: "065C13FF-588E-42F5-B3C9-3302082E6524", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:*:*:*:*:*:*:*", matchCriteriaId: "C1E0DF9A-C358-48A0-911F-0A17E1982E4B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.16:*:*:*:*:*:*:*", matchCriteriaId: "ABEED453-F241-4841-A5AE-8BFFA587119F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*", matchCriteriaId: "2127E592-F973-4244-9793-680736EC5313", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:*:*:*:*:*:*:*", matchCriteriaId: "8FF27781-22D9-4283-959D-951C76429EF5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:*:*:*:*:*:*:*", matchCriteriaId: "F68F84F5-7671-4778-AE48-5CF243B62D88", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:*:*:*:*:*:*:*", matchCriteriaId: "33D2A2D4-A006-422D-AA0C-8E764FB104C5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16:*:*:*:*:*:*:*", matchCriteriaId: "0EC48A26-5827-4EC0-BE90-EA25F0A9B56C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "FB056B47-1F45-4CE4-81F6-872F66C24C29", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "3C30F155-DF7D-4195-92D9-A5B80407228D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Podman, Buildah y CRI-O. Una vulnerabilidad de cruce de enlaces simbólicos en la librería de contenedores/almacenamiento puede hacer que Podman, Buildah y CRI-O se bloqueen y generen una denegación de servicio mediante la eliminación de OOM al ejecutar una imagen maliciosa utilizando un espacio de nombres de usuario asignado automáticamente (`--userns=auto` en Podman y Buildah). La librería de contenedores/almacenamiento leerá /etc/passwd dentro del contenedor, pero no validará correctamente si ese archivo es un enlace simbólico, lo que se puede utilizar para hacer que la librería lea un archivo arbitrario en el host.", }, ], id: "CVE-2024-9676", lastModified: "2025-04-03T02:15:19.877", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-15T16:15:06.933", references: [ { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:10289", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8418", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8428", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8437", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8686", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8690", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8694", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8700", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:8984", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:9051", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:9454", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:9459", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:9926", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:0876", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2454", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2710", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:3301", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2024-9676", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2317467", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://github.com/advisories/GHSA-wq2p-5pc6-wpgf", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-23 13:15
Modified
2024-11-21 08:34
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2023:7053 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-4042 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1870257 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2228151 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2023:7053 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-4042 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1870257 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2228151 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| artifex | ghostscript | * | |
| redhat | codeready_linux_builder | 8.0 | |
| redhat | codeready_linux_builder_for_arm64 | 8.0_aarch64 | |
| redhat | codeready_linux_builder_for_ibm_z_systems | 8.0_s390x | |
| redhat | codeready_linux_builder_for_power_little_endian | 8.0_ppc64le | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 | |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", matchCriteriaId: "265ED617-18AB-420C-A0A3-3111230823AB", versionEndExcluding: "9.51", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*", matchCriteriaId: "93A089E2-D66E-455C-969A-3140D991BAF4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "D206176C-6B2B-4BED-A3A2-AE39A41CB3C5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "55CF7208-4D36-4C35-92BC-F6EA2C8DEDE1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F791F846-7762-40E0-9056-032FD10F2046", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.", }, ], id: "CVE-2023-4042", lastModified: "2024-11-21T08:34:17.053", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-23T13:15:07.847", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7053", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-4042", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1870257", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2228151", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7053", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-4042", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1870257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2228151", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-08 22:29
Modified
2025-04-04 15:34
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
References
Impacted products
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Apache HTTP Server Privilege Escalation Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", matchCriteriaId: "3AF858A9-701E-44F6-8DB1-36B76C40733A", versionEndIncluding: "2.4.38", versionStartIncluding: "2.4.17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", matchCriteriaId: "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", matchCriteriaId: "B3293E55-5506-4587-A318-D1734F781C09", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", matchCriteriaId: "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", matchCriteriaId: "A2466282-51AB-478D-9FF4-FA524265ED2E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", matchCriteriaId: "2F87326E-0B56-4356-A889-73D026DB1D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "6005C278-5443-42EA-9D16-220FBF17FC95", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", matchCriteriaId: "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2FF1A19F-8A15-471A-B496-E1B4BA788356", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "EAD7EC1D-5979-42E6-9DA6-355B53431F3B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "AE49DCA5-1B01-4478-A1E9-2E87E948A0C1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "37B7CE5C-BFEA-4F96-9759-D511EF189059", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*", matchCriteriaId: "00966AC5-1C84-4B5F-9665-5E99D4AEB3A2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "0D04F433-CB52-4F3D-8711-39D3BDA27FE3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "07332196-7E36-4E95-81BC-DD959629C1BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", matchCriteriaId: "B758EDC9-6421-422C-899E-A273D2936D8E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F505D098-2143-4218-A528-D92BFC017FFD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "96E5CEC7-D3B9-4895-96E9-E26D2ACF1AE3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "BB28CF82-799F-4A6E-B1DB-0AB423E6C05D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "D9C30C59-07F7-4CCE-B057-052ECCD36DB8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", matchCriteriaId: "B3D1213C-EB9C-4475-9268-86AD947D256E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "3ADDB02D-F377-43CE-B0A8-FC6C7D5CFABC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E881C927-DF96-4D2E-9887-FF12E456B1FB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", matchCriteriaId: "FB096D5D-E8F6-4164-8B76-0217B7151D30", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", matchCriteriaId: "01ED4F33-EBE7-4C04-8312-3DA580EFFB68", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7DDF6809-53A7-4F7D-9FA8-B522BE8F7A21", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "AA86A15F-FAB8-4DF5-95AC-DA3D1CF7A720", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "DB43DFD4-D058-4001-BD19-488E059F4532", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", matchCriteriaId: "086E2E5C-44EB-4C07-B298-C04189533996", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "4B042935-BC42-4CA8-9379-7F0F894F9653", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B374F86-4EC8-4797-A8C3-5C1FF1DFC9F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "5682DAEB-3810-4541-833A-568C868BCE0B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", matchCriteriaId: "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", matchCriteriaId: "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", matchCriteriaId: "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", matchCriteriaId: "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", matchCriteriaId: "2F87FC90-16D0-4051-8280-B0DD4441F10B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", matchCriteriaId: "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.", }, { lang: "es", value: "En Apache HTTP Server 2.4, versiones 2.4.17 a 2.4.38, con el evento MPM, worker o prefork, el código ejecutándose en procesos hijo (o hilos) menos privilegiados (incluyendo scripts ejecutados por un intérprete de scripts en proceso) podría ejecutar código arbitrario con los privilegios del proceso padre (normalmente root) manipulando el marcador. Los sistemas que no son Unix no se ven afectados.", }, ], id: "CVE-2019-0211", lastModified: "2025-04-04T15:34:11.407", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-04-08T22:29:00.387", references: [ { source: "security@apache.org", tags: [ "Broken Link", "Mailing List", "Release Notes", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", }, { source: "security@apache.org", tags: [ "Broken Link", "Mailing List", "Release Notes", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", }, { source: "security@apache.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html", }, { source: "security@apache.org", tags: [ "Broken Link", "Vendor Advisory", ], url: "http://www.apache.org/dist/httpd/CHANGES_2.4.39", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/04/02/3", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2019/07/26/7", }, { source: "security@apache.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107666", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0746", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0980", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1296", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1297", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1543", }, { source: "security@apache.org", tags: [ "Vendor Advisory", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", }, { source: "security@apache.org", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", }, { source: "security@apache.org", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Apr/16", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Apr/5", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201904-20", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190423-0001/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K32957101", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3937-1/", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4422", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46676/", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Mailing List", "Release Notes", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Mailing List", "Release Notes", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Vendor Advisory", ], url: "http://www.apache.org/dist/httpd/CHANGES_2.4.39", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/04/02/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2019/07/26/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107666", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0746", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0980", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1296", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Apr/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Apr/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201904-20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190423-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K32957101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3937-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4422", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46676/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_14", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-16 20:15
Modified
2025-01-17 16:09
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*", matchCriteriaId: "79AD3D1F-9090-4939-8C82-E676C8C0FBC7", versionEndExcluding: "5.9.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:*:*", matchCriteriaId: "6B528C5D-0F72-4685-8516-257597E94AE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "D85E0DBA-A856-472A-8271-A4F37C35F952", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "DBF70805-7EBF-4731-83DB-D71F7A646B0F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:*:*:*:*:*:*:*", matchCriteriaId: "D650BFB9-4FDC-4311-8D7E-D981C8F4FA3B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2E068ABB-31C2-416E-974A-95E07A2BAB0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "069180B4-BA50-4AD0-8BA9-83F8005E58BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*", matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "CC6A25CB-907A-4D05-8460-A2488938A8BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*", matchCriteriaId: "FC7D8E93-D4BE-46E7-BDE7-843BF8A33162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*", matchCriteriaId: "18B7F648-9A31-4EE5-A215-C860616A4AB7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n", }, { lang: "es", value: "net-snmp proporciona varias herramientas relacionadas con el protocolo simple de administración de red. Antes de la versión 5.9.2, un usuario con credenciales de lectura y escritura podía aprovechar una vulnerabilidad de validación de entrada incorrecta al establecer OID con formato incorrecto en el agente maestro y el subagente simultáneamente. La versión 5.9.2 contiene un parche. Los usuarios deben utilizar credenciales SNMPv3 seguras y evitar compartirlas. Aquellos que deben utilizar SNMPv1 o SNMPv2c deben utilizar una cadena de comunidad compleja y mejorar la protección restringiendo el acceso a un rango de direcciones IP determinado.", }, ], id: "CVE-2022-24806", lastModified: "2025-01-17T16:09:56.527", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-16T20:15:08.413", references: [ { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-29", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5209", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-29", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5209", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-27 15:19
Modified
2024-11-21 08:41
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "6E5DE46B-7DD6-4FA2-830A-D559AB2CC70E", versionEndExcluding: "10.3.36", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "76F49D8B-E293-475B-A190-E55F2586EB74", versionEndExcluding: "10.4.26", versionStartIncluding: "10.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "144984F5-B5E4-4890-B84C-0BD4EBD1A575", versionEndExcluding: "10.5.17", versionStartIncluding: "10.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "9397E948-E3C7-4AE0-AB59-D8DF6DC0F85A", versionEndExcluding: "10.6.9", versionStartIncluding: "10.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "3E60C79C-A7E6-4AEF-AD29-38BC63149C60", versionEndExcluding: "10.7.5", versionStartIncluding: "10.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "EB9F7573-E888-42B6-8B57-CAF26300CC16", versionEndExcluding: "10.8.4", versionStartIncluding: "10.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "FB056B47-1F45-4CE4-81F6-872F66C24C29", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2E068ABB-31C2-416E-974A-95E07A2BAB0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", matchCriteriaId: "B758EDC9-6421-422C-899E-A273D2936D8E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "26041661-0280-4544-AA0A-BC28FCED4699", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.", }, { lang: "es", value: "Se encontró una vulnerabilidad en MariaDB. Un escaneo de puertos OpenVAS en los puertos 3306 y 4567 permite que un cliente remoto malicioso provoque una denegación de servicio.", }, ], id: "CVE-2023-5157", lastModified: "2024-11-21T08:41:10.987", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-27T15:19:41.807", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5683", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5684", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6821", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6822", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6883", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7633", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5157", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5683", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5684", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6821", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6822", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6883", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240246", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-18 17:15
Modified
2024-11-21 08:36
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:*", matchCriteriaId: "1754FEE6-54B9-4367-BE30-D98FD3B32FF6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "936B046D-ADEB-4701-8957-AC28CFA9C5C9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "98638583-9933-42F2-964E-7F8E7CF36918", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "056DABF5-0C1D-4EBA-B02B-443BACB20D6F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "910C9542-26FC-4635-9351-128727971830", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "09AAD850-019A-46B8-A5A1-845DE048D30A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "86034E5B-BCDD-4AFD-A460-38E790F608F5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "9A879F9F-F087-45D4-BD65-2990276477D2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*", matchCriteriaId: "AA1F902F-1AD5-489F-B420-A3574D1880B9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*", matchCriteriaId: "EEAC443B-622E-49FB-8C0F-2864B7EF5F80", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "ED521457-498F-4E43-B714-9A3F2C3CD09A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "CC6A25CB-907A-4D05-8460-A2488938A8BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "22D28543-C7C5-46B0-B909-20435AF7A501", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", }, { lang: "es", value: "Se encontró una falla en glibc. En una situación extremadamente rara, la función getaddrinfo puede acceder a la memoria que se ha liberado, lo que provoca un bloqueo de la aplicación. Este problema solo se puede explotar cuando un módulo NSS implementa solo los hooks _nss_*_gethostbyname2_r y _nss_*_getcanonname_r sin implementar el hook _nss_*_gethostbyname3_r. El nombre resuelto debe devolver una gran cantidad de direcciones IPv6 e IPv4, y la llamada a la función getaddrinfo debe tener la familia de direcciones AF_INET6 con AI_CANONNAME, AI_ALL y AI_V4MAPPED como indicadores.", }, ], id: "CVE-2023-4806", lastModified: "2024-11-21T08:36:00.433", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-18T17:15:55.813", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5453", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5455", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7409", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-4806", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2023/10/03/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2023/10/03/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2023/10/03/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2023/10/03/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5455", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7409", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-4806", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202310-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240125-0008/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-10 18:15
Modified
2024-11-21 08:42
Severity ?
2.2 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "1D407A29-CAB0-425B-87B6-F2487FAE6B71", versionEndExcluding: "11.22", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "13B24306-F52A-47E4-A7E4-EA7E46F850EF", versionEndExcluding: "12.17", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "AA77ED73-60C6-4666-9355-7C28CD774001", versionEndExcluding: "13.13", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21", versionEndExcluding: "14.10", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", matchCriteriaId: "E8883865-D864-497D-B39C-90D3ACC6A932", versionEndExcluding: "15.5", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*", matchCriteriaId: "654E69F1-844B-4E32-9C3D-FA8032FB3A61", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "936B046D-ADEB-4701-8957-AC28CFA9C5C9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "56CE19E2-F92D-4C36-9319-E6CD4766D0D4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "056DABF5-0C1D-4EBA-B02B-443BACB20D6F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "02F08DBD-4BD0-408D-B817-04B2EB82137E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "CDE46FD5-B415-49B7-BF2D-E76D068C3920", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "09AAD850-019A-46B8-A5A1-845DE048D30A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "A4E39B04-D3E5-4106-8A8F-0C496FF9997F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "86034E5B-BCDD-4AFD-A460-38E790F608F5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "7F6967B4-C62B-4252-B5C3-50532B9EA3FB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "C2ED1251-245C-4390-8964-DDCAD54A8957", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", matchCriteriaId: "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", matchCriteriaId: "3F797F2E-00E6-4D03-A94E-524227529A0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "F7F8A347-0ACE-40E4-BF7B-656D66DDB425", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", matchCriteriaId: "B758EDC9-6421-422C-899E-A273D2936D8E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "26041661-0280-4544-AA0A-BC28FCED4699", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "D9C30C59-07F7-4CCE-B057-052ECCD36DB8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "62D3FD78-5B63-4A1B-B4EE-9B098844691E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.", }, { lang: "es", value: "Se encontró una falla en PostgreSQL que involucra la función pg_cancel_backend que señala a los trabajadores en segundo plano, incluido el iniciador de replicación lógica, los trabajadores de autovacuum y el iniciador de autovacuum. La explotación exitosa requiere una extensión no central con un trabajador en segundo plano menos resistente y afectaría únicamente a ese trabajador en segundo plano específico. Este problema puede permitir que un usuario remoto con privilegios elevados lance un ataque de denegación de servicio (DoS).", }, ], id: "CVE-2023-5870", lastModified: "2024-11-21T08:42:40.697", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 1.4, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-10T18:15:07.643", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7545", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7579", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7580", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7581", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7616", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7656", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7666", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7667", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7694", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7695", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7714", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7770", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7772", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7784", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7785", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7883", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7884", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7885", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0304", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0332", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0337", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5870", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247170", }, { source: "secalert@redhat.com", tags: [ "Release Notes", ], url: "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.postgresql.org/support/security/CVE-2023-5870/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7545", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7579", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7580", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7616", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7656", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7666", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7667", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7694", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7695", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7714", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7770", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7784", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7883", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7884", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0337", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5870", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247170", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240119-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.postgresql.org/support/security/CVE-2023-5870/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-31 14:15
Modified
2024-11-21 08:42
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensc_project | opensc | * | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux_eus | 9.4 | |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 | |
| redhat | enterprise_linux_for_arm_64 | 9.0_aarch64 | |
| redhat | enterprise_linux_for_arm_64_eus | 9.4_aarch64 | |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x | |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.4_s390x | |
| redhat | enterprise_linux_for_power_little_endian | 9.0_ppc64le | |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.4_ppc64le | |
| redhat | enterprise_linux_server_aus | 9.4 | |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.2 | |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.4_ppc64le |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*", matchCriteriaId: "835E7B28-6A13-42E4-A819-39920F9970B5", versionEndExcluding: "0.25.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "FB056B47-1F45-4CE4-81F6-872F66C24C29", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*", matchCriteriaId: "FE4AEBCB-B1E6-4A6A-9E8C-DDC5A003BCB9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "3C30F155-DF7D-4195-92D9-A5B80407228D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.", }, { lang: "es", value: "Se encontró una vulnerabilidad en OpenSC donde la eliminación del relleno de cifrado PKCS#1 no se implementa como resistente al canal lateral. Este problema puede resultar en una posible filtración de datos privados.", }, ], id: "CVE-2023-5992", lastModified: "2024-11-21T08:42:56.353", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.4, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-31T14:15:48.147", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:0966", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:0967", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5992", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248685", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Technical Description", ], url: "https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:0966", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:0967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248685", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-28 15:15
Modified
2025-02-14 16:43
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
References
Impacted products
{ cisaActionDue: "2022-04-15", cisaExploitAdd: "2022-03-25", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", matchCriteriaId: "D1C2F51F-19AA-4313-AE96-59F46F55D200", versionEndExcluding: "7.1.33", versionStartIncluding: "7.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", matchCriteriaId: "D6F43FF3-D1EB-473C-9B3A-96C21F63117D", versionEndExcluding: "7.2.24", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", matchCriteriaId: "86C83E2A-D2FD-4A12-BD6A-6D48EDFFACC4", versionEndExcluding: "7.3.11", versionStartIncluding: "7.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", matchCriteriaId: "8D305F7A-D159-4716-AB26-5E38BB5CD991", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", matchCriteriaId: "41DBA7C7-8084-45F6-B59D-13A9022C34DF", versionEndExcluding: "5.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", matchCriteriaId: "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*", matchCriteriaId: "6DAA8C42-870A-42B4-AE9F-7C67F4122ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2FF1A19F-8A15-471A-B496-E1B4BA788356", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "EAD7EC1D-5979-42E6-9DA6-355B53431F3B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "AE49DCA5-1B01-4478-A1E9-2E87E948A0C1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "37B7CE5C-BFEA-4F96-9759-D511EF189059", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "C84EAAE7-0249-4EA1-B8D3-E039B03ACDC3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2148300C-ECBD-4ED5-A164-79629859DD43", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*", matchCriteriaId: "FFC68D88-3CD3-4A3D-A01B-E9DBACD9B9CB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*", matchCriteriaId: "00966AC5-1C84-4B5F-9665-5E99D4AEB3A2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "0D04F433-CB52-4F3D-8711-39D3BDA27FE3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "07332196-7E36-4E95-81BC-DD959629C1BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", matchCriteriaId: "B758EDC9-6421-422C-899E-A273D2936D8E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "6D8D654F-2442-4EA0-AF89-6AC2CD214772", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8BCF87FD-9358-42A5-9917-25DF0180A5A6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "7A584AAA-A14F-4C64-8FED-675DC36F69A3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "418488A5-2912-406C-9337-B8E85D0C2B57", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F505D098-2143-4218-A528-D92BFC017FFD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "96E5CEC7-D3B9-4895-96E9-E26D2ACF1AE3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "BB28CF82-799F-4A6E-B1DB-0AB423E6C05D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "D9C30C59-07F7-4CCE-B057-052ECCD36DB8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", matchCriteriaId: "37CE1DC7-72C5-483C-8921-0B462C8284D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.", }, { lang: "es", value: "En PHP versiones 7.1.x anteriores a la versión 7.1.33, versiones 7.2.x anteriores a la versión 7.2.24 y versiones 7.3.x anteriores a 7.3.11, en ciertas configuraciones del FPM setup, es posible causar que el módulo FPM escriba más allá de los búferes asignados en el espacio reservado para datos de protocolo FCGI, abriendo así la posibilidad de ejecución de código remota.", }, ], id: "CVE-2019-11043", lastModified: "2025-02-14T16:43:36.877", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.8, source: "security@php.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-28T15:15:13.863", references: [ { source: "security@php.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html", }, { source: "security@php.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html", }, { source: "security@php.net", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html", }, { source: "security@php.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Jan/40", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3286", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3287", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3299", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3300", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3724", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3735", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3736", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0322", }, { source: "security@php.net", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugs.php.net/bug.php?id=78599", }, { source: "security@php.net", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/neex/phuip-fpizdam", }, { source: "security@php.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/", }, { source: "security@php.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/", }, { source: "security@php.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/", }, { source: "security@php.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/44", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191031-0003/", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210919", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K75408500?utm_source=f5support&%3Butm_medium=RSS", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4166-1/", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4166-2/", }, { source: "security@php.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4552", }, { source: "security@php.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4553", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_36", }, { source: "security@php.net", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Jan/40", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3286", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3299", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3300", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3724", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3735", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugs.php.net/bug.php?id=78599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/neex/phuip-fpizdam", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/44", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191031-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210919", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K75408500?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4166-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4166-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4552", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4553", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-14", }, ], sourceIdentifier: "security@php.net", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "security@php.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-03 18:15
Modified
2025-01-27 21:45
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
References
Impacted products
{ cisaActionDue: "2023-12-12", cisaExploitAdd: "2023-11-21", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "GNU C Library Buffer Overflow Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", matchCriteriaId: "71609239-5262-473E-ACCE-18AE51AB184E", versionEndExcluding: "2.39", versionStartIncluding: "2.34", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*", matchCriteriaId: "2ABBAA9E-CCBA-480B-ABB5-454448D91262", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "8BE16CC2-C6B4-4B73-98A1-F28475A92F49", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "936B046D-ADEB-4701-8957-AC28CFA9C5C9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "2C4B0BD8-527F-4728-A64B-F8F06D5EDEC5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "910C9542-26FC-4635-9351-128727971830", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "FB1DF28D-0D84-4E40-8E46-BA0EFD371111", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "09AAD850-019A-46B8-A5A1-845DE048D30A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "88F9EB73-1F19-4BD9-AB19-36F9F1A5156E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "3C1A0CA2-2BBD-4A7A-B467-F456867D5EC6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "86034E5B-BCDD-4AFD-A460-38E790F608F5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "35232613-B8B5-4F4D-A6CD-3823C6666534", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "7B3D7389-35C1-48C4-A9EC-2564842723C4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "845B853C-8F99-4987-AA8E-76078CE6A977", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "C2ED1251-245C-4390-8964-DDCAD54A8957", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "03A1BB59-4BE6-4339-ABB7-C18B7D899FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", matchCriteriaId: "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BB28F9AF-3D06-4532-B397-96D7E4792503", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "37B7CE5C-BFEA-4F96-9759-D511EF189059", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "9A879F9F-F087-45D4-BD65-2990276477D2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "FB056B47-1F45-4CE4-81F6-872F66C24C29", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "26041661-0280-4544-AA0A-BC28FCED4699", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.6:*:*:*:*:*:*:*", matchCriteriaId: "B2C0ED62-9DEE-437C-AC01-0173128259DB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "A633E21A-EBAA-41C9-A009-A36BDC762464", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "CC6A25CB-907A-4D05-8460-A2488938A8BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "3C30F155-DF7D-4195-92D9-A5B80407228D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", matchCriteriaId: "359012F1-2C63-415A-88B8-6726A87830DE", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*", matchCriteriaId: "B2E702D7-F8C0-49BF-9FFB-883017076E98", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", }, { lang: "es", value: "Se descubrió un desbordamiento del búfer en el cargador dinámico ld.so de la librería GNU C mientras se procesaba la variable de entorno GLIBC_TUNABLES. Este problema podría permitir que un atacante local utilice variables de entorno GLIBC_TUNABLES manipuladas con fines malintencionados al iniciar archivos binarios con permiso SUID para ejecutar código con privilegios elevados.", }, ], id: "CVE-2023-4911", lastModified: "2025-01-27T21:45:46.857", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-03T18:15:10.463", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5453", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5454", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5455", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5476", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:0033", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-4911", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238352", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.qualys.com/cve-2023-4911/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/10/03/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/10/03/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/10/05/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/10/14/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/10/14/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/10/14/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5454", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5455", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:5476", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:0033", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-4911", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238352", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202310-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231013-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://www.debian.org/security/2023/dsa-5514", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.qualys.com/cve-2023-4911/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-06 06:15
Modified
2024-11-21 09:28
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:clusterlabs:booth:*:*:*:*:*:*:*:*", matchCriteriaId: "71757B74-23C1-428F-9A3D-7DC5086303A9", versionEndExcluding: "1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "F7F8A347-0ACE-40E4-BF7B-656D66DDB425", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "D85E0DBA-A856-472A-8271-A4F37C35F952", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "DBF70805-7EBF-4731-83DB-D71F7A646B0F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2E068ABB-31C2-416E-974A-95E07A2BAB0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "069180B4-BA50-4AD0-8BA9-83F8005E58BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "9AEC5D6F-097A-4DD3-BD12-76B6343E8C83", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "BB28CF82-799F-4A6E-B1DB-0AB423E6C05D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "99952557-C766-4B9E-8BF5-DBBA194349FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "BC6DD887-9744-43EA-8B3C-44C6B6339590", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.", }, { lang: "es", value: "Se encontró una falla en Booth, un administrador de tickets de clúster. Si se pasa un hash especialmente manipulado a gcry_md_get_algo_dlen(), es posible que el servidor Booth acepte un HMAC no válido.", }, ], id: "CVE-2024-3049", lastModified: "2024-11-21T09:28:45.870", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-06T06:15:09.550", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:3657", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:3658", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:3659", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:3660", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:3661", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:4400", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:4411", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2024-3049", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:3657", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:3658", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:3659", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:3660", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:3661", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:4400", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:4411", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2024-3049", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/09/msg00037.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-345", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-27 16:15
Modified
2025-04-09 14:07
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@mongodb.com | https://jira.mongodb.org/browse/COMPASS-9058 | Vendor Advisory, Issue Tracking | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://access.redhat.com/errata/RHSA-2025:1755.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mongodb | compass | * | |
| microsoft | windows | - | |
| redhat | enterprise_linux_for_arm_64 | 9.0_aarch64 | |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x | |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.0_ppc64le | |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mongodb:compass:*:*:*:*:*:*:*:*", matchCriteriaId: "1AF4CC4A-586E-4EEC-A2F8-0EA8CA343459", versionEndExcluding: "1.42.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "FB056B47-1F45-4CE4-81F6-872F66C24C29", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "3DA48001-66CC-4E71-A944-68D7D654031E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", matchCriteriaId: "083AAC55-E87B-482A-A1F4-8F2DEB90CB23", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\\node_modules\\. This issue affects MongoDB Compass prior to 1.42.1", }, { lang: "es", value: "MongoDB Compass puede ser susceptible a una escalada de privilegios locales en determinadas condiciones, lo que podría permitir acciones no autorizadas en el sistema de un usuario con privilegios elevados, cuando un archivo manipulado se almacena en C:\\node_modules\\. Este problema afecta a MongoDB Compass anterior a la versión 1.42.1.", }, ], id: "CVE-2025-1755", lastModified: "2025-04-09T14:07:43.140", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 6, source: "cna@mongodb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-27T16:15:39.137", references: [ { source: "cna@mongodb.com", tags: [ "Vendor Advisory", "Issue Tracking", ], url: "https://jira.mongodb.org/browse/COMPASS-9058", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2025:1755.html", }, ], sourceIdentifier: "cna@mongodb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-426", }, ], source: "cna@mongodb.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-426", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-03 08:15
Modified
2024-11-21 08:29
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_eus | 8.8 | |
| redhat | enterprise_linux_eus | 9.0 | |
| redhat | enterprise_linux_eus | 9.2 | |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 | |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_aus | 9.2 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.8 | |
| redhat | enterprise_linux_server_tus | 9.2 | |
| redhat | enterprise_linux_workstation | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A7AD85A7-770C-4526-8AD4-D06C802692D4", versionEndExcluding: "6.4", versionStartIncluding: "3.2.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "647A34CD-AB8C-44DD-8FD7-03315633FF1B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.", }, { lang: "es", value: "Squid es vulnerable a una Denegación de Servicio, donde un atacante remoto puede realizar un ataque de desbordamiento de búfer escribiendo hasta 2 MB de datos arbitrarios en la memoria acumulada cuando Squid está configurado para aceptar la autenticación implícita HTTP.", }, ], id: "CVE-2023-46847", lastModified: "2024-11-21T08:29:25.000", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-03T08:15:08.023", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6805", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6882", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6884", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7576", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7578", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-46847", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245916", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6805", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6882", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6884", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7576", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7578", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-46847", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245916", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20231130-0002/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-03 08:15
Modified
2024-12-18 01:15
Severity ?
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_eus | 8.8 | |
| redhat | enterprise_linux_eus | 9.0 | |
| redhat | enterprise_linux_eus | 9.2 | |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 | |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_aus | 9.2 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.8 | |
| redhat | enterprise_linux_server_tus | 9.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "D68B5D22-7802-4AA1-9835-97208C2DF9BD", versionEndExcluding: "6.4", versionStartIncluding: "2.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "647A34CD-AB8C-44DD-8FD7-03315633FF1B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.", }, { lang: "es", value: "SQUID es vulnerable al contrabando de solicitudes HTTP, causado por la indulgencia de los decodificadores fragmentados, lo que permite a un atacante remoto realizar el contrabando de solicitudes/respuestas a través del firewall y los sistemas de seguridad frontales.", }, ], id: "CVE-2023-46846", lastModified: "2024-12-18T01:15:06.010", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-03T08:15:07.953", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:11049", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-46846", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245910", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-46846", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245910", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20231130-0002/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-444", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-444", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-27 16:15
Modified
2024-11-21 08:35
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| shadow-maint | shadow-utils | * | |
| redhat | codeready_linux_builder | 8.0 | |
| redhat | codeready_linux_builder | 9.0 | |
| redhat | codeready_linux_builder_for_arm64 | 8.0_aarch64 | |
| redhat | codeready_linux_builder_for_arm64 | 9.0_aarch64 | |
| redhat | codeready_linux_builder_for_ibm_z_systems | 8.0_s390x | |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.0_s390x | |
| redhat | codeready_linux_builder_for_power_little_endian | 8.0_ppc64le | |
| redhat | codeready_linux_builder_for_power_little_endian | 9.0_ppc64le | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux_for_arm_64 | 8.0 | |
| redhat | enterprise_linux_for_arm_64 | 9.0 | |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x | |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le | |
| redhat | enterprise_linux_for_power_little_endian | 9.0_ppc64le |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:shadow-maint:shadow-utils:*:*:*:*:*:*:*:*", matchCriteriaId: "484C918F-130D-4D52-85EF-F7DCD276CC36", versionEndExcluding: "4.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*", matchCriteriaId: "93A089E2-D66E-455C-969A-3140D991BAF4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*", matchCriteriaId: "2ABBAA9E-CCBA-480B-ABB5-454448D91262", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "D206176C-6B2B-4BED-A3A2-AE39A41CB3C5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "910C9542-26FC-4635-9351-128727971830", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "55CF7208-4D36-4C35-92BC-F6EA2C8DEDE1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "F791F846-7762-40E0-9056-032FD10F2046", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "7B3D7389-35C1-48C4-A9EC-2564842723C4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", matchCriteriaId: "3F797F2E-00E6-4D03-A94E-524227529A0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:*:*", matchCriteriaId: "6B528C5D-0F72-4685-8516-257597E94AE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "FB056B47-1F45-4CE4-81F6-872F66C24C29", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", }, { lang: "es", value: "Se encontró una falla en Shadow-Utils. Al solicitar una nueva contraseña, Shadow-Utils la solicita dos veces. Si la contraseña falla en el segundo intento, Shadow-Utils no logra limpiar el búfer utilizado para almacenar la primera entrada. Esto puede permitir que un atacante con suficiente acceso recupere la contraseña de la memoria.", }, ], id: "CVE-2023-4641", lastModified: "2024-11-21T08:35:35.837", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-27T16:15:13.363", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6632", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7112", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0417", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:2577", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-4641", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215945", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7112", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:2577", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-4641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215945", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-303", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-01 16:15
Modified
2024-11-21 08:18
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:insights-client:*:*:*:*:*:*:*:*", matchCriteriaId: "1871053B-0037-452A-87DE-BE1FFE5907BC", versionEndExcluding: "3.2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "5CA4F12A-5BC5-4D75-8F20-80D8BB2C5BF2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", matchCriteriaId: "3F797F2E-00E6-4D03-A94E-524227529A0A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "3EFBEEE7-8BC5-4F4E-8EFA-42A6743152BB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "83981111-E13A-4A88-80FD-F63D7CCAA47F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "6AAF4A69-A4CC-409E-BC05-FABAE86321B2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "78825319-8A45-4880-B7C4-2B223029DDD3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", matchCriteriaId: "566507B6-AC95-47F7-A3FB-C6F414E45F51", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", matchCriteriaId: "87C21FE1-EA5C-498F-9C6C-D05F91A88217", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:*:*:*:*:*:*:*", matchCriteriaId: "D650BFB9-4FDC-4311-8D7E-D981C8F4FA3B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "9EF5C4AC-CA69-41E3-AD93-7AC21931374A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "83364F5C-57F4-4D57-B54F-540CAC1D7753", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "B6C30A81-BF75-46CC-A05E-42BAF271D1C4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "213A5029-FCF9-4EA9-AEF9-21313F6DCBD8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", matchCriteriaId: "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", matchCriteriaId: "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*", matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "729C515E-1DD3-466D-A50B-AFE058FFC94A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "A49ABD84-6755-4894-AD4E-49AAD39933C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "71DDE212-1018-4554-9C06-4908442DE134", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", matchCriteriaId: "37CE1DC7-72C5-483C-8921-0B462C8284D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "22D095ED-9247-4133-A133-73B7668565E4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", matchCriteriaId: "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", matchCriteriaId: "12A809B2-2771-4780-9E0D-6A7B4A534CFB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", matchCriteriaId: "492DF629-16B8-4882-822D-A6897B03DD30", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*", matchCriteriaId: "FE4AEBCB-B1E6-4A6A-9E8C-DDC5A003BCB9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*", matchCriteriaId: "FC7D8E93-D4BE-46E7-BDE7-843BF8A33162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "3ADDB02D-F377-43CE-B0A8-FC6C7D5CFABC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "15D3CC6E-3A8F-4694-B3CC-0DB12A3E9A0F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E881C927-DF96-4D2E-9887-FF12E456B1FB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", matchCriteriaId: "FB096D5D-E8F6-4164-8B76-0217B7151D30", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", matchCriteriaId: "01ED4F33-EBE7-4C04-8312-3DA580EFFB68", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).", }, { lang: "es", value: "Se encontró una vulnerabilidad en insights-client. Este problema de seguridad se produce debido a operaciones de archivos inseguras o al manejo inseguro de archivos y directorios temporales que conducen a una escalada de privilegios locales. Antes de que el usuario root registre el cliente de insights en el sistema, un usuario local sin privilegios o un atacante podría crear el directorio /var/tmp/insights-client (que posee el directorio con permisos de lectura, escritura y ejecución) en el sistema. Después de que el cliente de Insights esté registrado como root, un atacante podría controlar el contenido del directorio que utiliza Insights colocando scripts maliciosos en él y ejecutando código arbitrario como root (evitando trivialmente las protecciones de SELinux porque los procesos de Insights pueden desactivar SELinux en todo el sistema).", }, ], id: "CVE-2023-3972", lastModified: "2024-11-21T08:18:25.853", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-01T16:15:08.517", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6264", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6282", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6283", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6284", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6795", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6796", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6798", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6811", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-3972", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2227027", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/RedHatInsights/insights-core/pull/3878", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6264", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6284", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6795", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6796", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6798", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6811", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-3972", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2227027", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/RedHatInsights/insights-core/pull/3878", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-379", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-668", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-379", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-12 13:38
Modified
2024-11-21 09:50
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libtiff | libtiff | * | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux_for_arm_64 | 9.2 | |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.2 | |
| redhat | enterprise_linux_server_aus | 9.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", matchCriteriaId: "990756E5-66EA-41E0-8C61-0BF877443C50", versionEndIncluding: "4.6.0", versionStartIncluding: "3.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2:*:*:*:*:*:*:*", matchCriteriaId: "2D1E1C3E-0188-43C3-8911-858B5D7A2965", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "71DDE212-1018-4554-9C06-4908442DE134", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", }, { lang: "es", value: "Se encontró una falla de desreferencia de puntero nulo en Libtiff a través de `tif_dirinfo.c`. Este problema puede permitir que un atacante desencadene fallas de asignación de memoria a través de ciertos medios, como restringir el tamaño del espacio del montón o inyectar fallas, lo que provoca una falla de segmentación. Esto puede provocar un fallo de la aplicación y, en última instancia, provocar una denegación de servicio.", }, ], id: "CVE-2024-7006", lastModified: "2024-11-21T09:50:44.560", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-12T13:38:40.577", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2024:6360", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:8833", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:8914", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2024-7006", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2302996", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240920-0001/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-27 16:15
Modified
2025-04-09 14:07
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@mongodb.com | https://jira.mongodb.org/browse/MONGOSH-2028 | Vendor Advisory, Issue Tracking | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://access.redhat.com/errata/RHSA-2025:1756 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mongodb | mongosh | * | |
| redhat | codeready_linux_builder_eus | 9.4 | |
| redhat | codeready_linux_builder_for_arm64_eus | 9.4_aarch64 | |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.4_s390x | |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 9.4_ppc64le | |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.4 | |
| redhat | enterprise_linux_eus | 9.4 | |
| redhat | enterprise_linux_for_arm_64 | 9.4_aarch64 | |
| redhat | enterprise_linux_for_arm_64_eus | 9.4_aarch64 | |
| redhat | enterprise_linux_for_ibm_z_systems | 9.4_s390x | |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.4_s390x | |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.4_ppc64le | |
| redhat | enterprise_linux_server_aus | 9.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mongodb:mongosh:*:*:*:*:*:*:*:*", matchCriteriaId: "64C2BFE9-64C0-4711-A311-1DFDFEBE4477", versionEndExcluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "2C4B0BD8-527F-4728-A64B-F8F06D5EDEC5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "88F9EB73-1F19-4BD9-AB19-36F9F1A5156E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "35232613-B8B5-4F4D-A6CD-3823C6666534", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "03A1BB59-4BE6-4339-ABB7-C18B7D899FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*", matchCriteriaId: "F0F1D571-6C70-45D9-BC76-C6DF33967127", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "DBF70805-7EBF-4731-83DB-D71F7A646B0F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "069180B4-BA50-4AD0-8BA9-83F8005E58BE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\\node_modules\\. This issue affects mongosh prior to 2.3.0", }, { lang: "es", value: "Mongosh puede ser susceptible a una escalada de privilegios locales en determinadas condiciones, lo que podría permitir acciones no autorizadas en el sistema de un usuario con privilegios elevados, cuando un archivo manipulado se almacena en C:\\node_modules\\. Este problema afecta a mongosh antes de la versión 2.3.0.", }, ], id: "CVE-2025-1756", lastModified: "2025-04-09T14:07:26.960", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 6, source: "cna@mongodb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-27T16:15:39.287", references: [ { source: "cna@mongodb.com", tags: [ "Vendor Advisory", "Issue Tracking", ], url: "https://jira.mongodb.org/browse/MONGOSH-2028", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2025:1756", }, ], sourceIdentifier: "cna@mongodb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-426", }, ], source: "cna@mongodb.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-426", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2023-4732
Vulnerability from cvelistv5
Published
2023-10-03 16:55
Modified
2024-11-15 16:32
Severity ?
EPSS score ?
Summary
A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:6901 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:7077 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:7539 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0412 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-4732 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2236982 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-513.5.1.rt7.307.el8_9 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:38:00.519Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:6901", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { name: "RHSA-2023:7077", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7077", }, { name: "RHSA-2023:7539", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7539", }, { name: "RHSA-2024:0412", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0412", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-4732", }, { name: "RHBZ#2236982", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236982", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", ], defaultStatus: "affected", packageName: "kernel-rt", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-513.5.1.rt7.307.el8_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "kernel", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-513.5.1.el8_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", ], defaultStatus: "affected", packageName: "kernel", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-372.87.1.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "kernel", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-477.36.1.el8_8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", ], defaultStatus: "affected", packageName: "kernel", product: "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-372.87.1.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unaffected", packageName: "kernel", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "kernel", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "kernel-rt", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "kernel", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "kernel-rt", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], datePublic: "2023-09-02T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-366", description: "Race Condition within a Thread", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T16:32:59.415Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:6901", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { name: "RHSA-2023:7077", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7077", }, { name: "RHSA-2023:7539", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7539", }, { name: "RHSA-2024:0412", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0412", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-4732", }, { name: "RHBZ#2236982", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236982", }, ], timeline: [ { lang: "en", time: "2023-09-02T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-09-02T00:00:00+00:00", value: "Made public.", }, ], title: "Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h", workarounds: [ { lang: "en", value: "A possible workaround is disabling Transparent Hugepage", }, ], x_redhatCweChain: "CWE-366: Race Condition within a Thread", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-4732", datePublished: "2023-10-03T16:55:01.864Z", dateReserved: "2023-09-02T14:19:13.104Z", dateUpdated: "2024-11-15T16:32:59.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13272
Vulnerability from cvelistv5
Published
2019-07-17 12:32
Modified
2025-02-04 20:35
Severity ?
EPSS score ?
Summary
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:49:24.327Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { name: "FEDORA-2019-a95015e60f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { name: "DSA-4484", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4484", }, { name: "20190722 [SECURITY] [DSA 4484-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { name: "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/33", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { name: "RHSA-2019:2405", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { name: "RHSA-2019:2411", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { name: "USN-4093-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4093-1/", }, { name: "USN-4094-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4094-1/", }, { name: "USN-4095-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4095-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K91025336", }, { name: "USN-4117-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4117-1/", }, { name: "USN-4118-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4118-1/", }, { name: "RHSA-2019:2809", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2019-13272", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T20:35:06.511512Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-12-10", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-13272", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T20:35:33.942Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-23T18:06:10.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { name: "FEDORA-2019-a95015e60f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { name: "DSA-4484", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4484", }, { name: "20190722 [SECURITY] [DSA 4484-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { name: "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/33", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { name: "RHSA-2019:2405", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { name: "RHSA-2019:2411", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { name: "USN-4093-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4093-1/", }, { name: "USN-4094-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4094-1/", }, { name: "USN-4095-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4095-1/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K91025336", }, { name: "USN-4117-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4117-1/", }, { name: "USN-4118-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4118-1/", }, { name: "RHSA-2019:2809", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-13272", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { name: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { name: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", refsource: "MISC", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", refsource: "CONFIRM", url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { name: "FEDORA-2019-a95015e60f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { name: "DSA-4484", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4484", }, { name: "20190722 [SECURITY] [DSA 4484-1] linux security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/30", }, { name: "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/33", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { name: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { name: "https://security.netapp.com/advisory/ntap-20190806-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { name: "RHSA-2019:2405", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { name: "RHSA-2019:2411", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { name: "USN-4093-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4093-1/", }, { name: "USN-4094-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4094-1/", }, { name: "USN-4095-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4095-1/", }, { name: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { name: "https://support.f5.com/csp/article/K91025336", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K91025336", }, { name: "USN-4117-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4117-1/", }, { name: "USN-4118-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4118-1/", }, { name: "RHSA-2019:2809", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { name: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&utm_medium=RSS", }, { name: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { name: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { name: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-13272", datePublished: "2019-07-17T12:32:55.000Z", dateReserved: "2019-07-04T00:00:00.000Z", dateUpdated: "2025-02-04T20:35:33.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5870
Vulnerability from cvelistv5
Published
2023-12-10 17:58
Modified
2024-12-02 17:04
Severity ?
EPSS score ?
Summary
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Advanced Cluster Security 4.2 |
Unaffected: 4.2.4-6 < * cpe:/a:redhat:advanced_cluster_security:4.2::el8 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:14:24.816Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:7545", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7545", }, { name: "RHSA-2023:7579", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7579", }, { name: "RHSA-2023:7580", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7580", }, { name: "RHSA-2023:7581", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7581", }, { name: "RHSA-2023:7616", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7616", }, { name: "RHSA-2023:7656", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7656", }, { name: "RHSA-2023:7666", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7666", }, { name: "RHSA-2023:7667", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7667", }, { name: "RHSA-2023:7694", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7694", }, { name: "RHSA-2023:7695", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7695", }, { name: "RHSA-2023:7714", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7714", }, { name: "RHSA-2023:7770", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7770", }, { name: "RHSA-2023:7772", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7772", }, { name: "RHSA-2023:7784", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7784", }, { name: "RHSA-2023:7785", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7785", }, { name: "RHSA-2023:7883", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7883", }, { name: "RHSA-2023:7884", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7884", }, { name: "RHSA-2023:7885", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7885", }, { name: "RHSA-2024:0304", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0304", }, { name: "RHSA-2024:0332", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0332", }, { name: "RHSA-2024:0337", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0337", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-5870", }, { name: "RHBZ#2247170", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247170", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240119-0003/", }, { tags: [ "x_transferred", ], url: "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", }, { tags: [ "x_transferred", ], url: "https://www.postgresql.org/support/security/CVE-2023-5870/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-5870", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2023-12-19T19:42:25.492582Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-02T17:04:19.568Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-operator-bundle", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-7", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231114113712.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231128173330.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "postgresql:15", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231114113548.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231128165246.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231128165246.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231128165246.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127153301.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127154806.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127153301.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127154806.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127153301.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127154806.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020231114115246.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020231128165328.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231114105206.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231128165335.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "postgresql:15", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231113134015.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb", ], defaultStatus: "affected", packageName: "postgresql", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:13.13-1.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "postgresql:15", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "9030020231120082734.rhel9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", ], defaultStatus: "affected", packageName: "postgresql", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:13.13-1.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "postgresql", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:13.13-1.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:15", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "9020020231115020618.rhel9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3::el7", ], defaultStatus: "affected", packageName: "rh-postgresql12-postgresql", product: "Red Hat Software Collections for Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:12.17-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3::el7", ], defaultStatus: "affected", packageName: "rh-postgresql13-postgresql", product: "Red Hat Software Collections for Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:13.13-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-operator-bundle", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-7", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-operator-bundle", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "postgresql", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "affected", packageName: "postgresql", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "postgresql:10/postgresql", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "postgresql:16/postgresql", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "postgresql:16/postgresql", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "affected", packageName: "rh-postgresql10-postgresql", product: "Red Hat Software Collections", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Upstream acknowledges Hemanth Sandrana and Mahendrakar Srinivasarao as the original reporters.", }, ], datePublic: "2023-11-09T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Low", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T15:11:36.533Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:7545", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7545", }, { name: "RHSA-2023:7579", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7579", }, { name: "RHSA-2023:7580", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7580", }, { name: "RHSA-2023:7581", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7581", }, { name: "RHSA-2023:7616", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7616", }, { name: "RHSA-2023:7656", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7656", }, { name: "RHSA-2023:7666", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7666", }, { name: "RHSA-2023:7667", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7667", }, { name: "RHSA-2023:7694", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7694", }, { name: "RHSA-2023:7695", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7695", }, { name: "RHSA-2023:7714", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7714", }, { name: "RHSA-2023:7770", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7770", }, { name: "RHSA-2023:7772", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7772", }, { name: "RHSA-2023:7784", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7784", }, { name: "RHSA-2023:7785", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7785", }, { name: "RHSA-2023:7883", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7883", }, { name: "RHSA-2023:7884", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7884", }, { name: "RHSA-2023:7885", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7885", }, { name: "RHSA-2024:0304", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0304", }, { name: "RHSA-2024:0332", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0332", }, { name: "RHSA-2024:0337", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0337", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-5870", }, { name: "RHBZ#2247170", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247170", }, { url: "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", }, { url: "https://www.postgresql.org/support/security/CVE-2023-5870/", }, ], timeline: [ { lang: "en", time: "2023-10-31T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-11-09T00:00:00+00:00", value: "Made public.", }, ], title: "Postgresql: role pg_signal_backend can signal certain superuser processes.", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-400: Uncontrolled Resource Consumption", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-5870", datePublished: "2023-12-10T17:58:30.213Z", dateReserved: "2023-10-31T03:56:58.366Z", dateUpdated: "2024-12-02T17:04:19.568Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-11043
Vulnerability from cvelistv5
Published
2019-10-28 14:19
Modified
2025-02-07 13:17
Severity ?
EPSS score ?
Summary
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:40:16.064Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/neex/phuip-fpizdam", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.php.net/bug.php?id=78599", }, { name: "USN-4166-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4166-1/", }, { name: "DSA-4552", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4552", }, { name: "DSA-4553", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4553", }, { name: "USN-4166-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4166-2/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K75408500?utm_source=f5support&%3Butm_medium=RSS", }, { name: "FEDORA-2019-4adc49a476", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191031-0003/", }, { name: "RHSA-2019:3286", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3286", }, { name: "RHSA-2019:3287", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3287", }, { name: "RHSA-2019:3299", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3299", }, { name: "RHSA-2019:3300", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3300", }, { name: "FEDORA-2019-187ae3128d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/", }, { name: "FEDORA-2019-7bb07c3b02", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/", }, { name: "openSUSE-SU-2019:2441", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html", }, { name: "RHSA-2019:3724", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3724", }, { name: "RHSA-2019:3735", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3735", }, { name: "RHSA-2019:3736", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3736", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_36", }, { name: "openSUSE-SU-2019:2457", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210919", }, { name: "20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Jan/44", }, { name: "20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Jan/40", }, { name: "RHSA-2020:0322", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0322", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-14", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-11043", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T13:08:21.298475Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-25", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-11043", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2025-02-07T13:17:23.329Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "PHP", vendor: "PHP", versions: [ { lessThan: "7.1.33", status: "affected", version: "7.1.x", versionType: "custom", }, { lessThan: "7.2.24", status: "affected", version: "7.2.x", versionType: "custom", }, { lessThan: "7.3.11", status: "affected", version: "7.3.x", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Reported by Emil Lerner.", }, ], datePublic: "2019-10-22T00:00:00.000Z", descriptions: [ { lang: "en", value: "In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.", }, ], exploits: [ { lang: "en", value: "Exploit described at https://github.com/neex/phuip-fpizdam", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-22T17:07:18.000Z", orgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b", shortName: "php", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/neex/phuip-fpizdam", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.php.net/bug.php?id=78599", }, { name: "USN-4166-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4166-1/", }, { name: "DSA-4552", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4552", }, { name: "DSA-4553", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4553", }, { name: "USN-4166-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4166-2/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K75408500?utm_source=f5support&%3Butm_medium=RSS", }, { name: "FEDORA-2019-4adc49a476", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191031-0003/", }, { name: "RHSA-2019:3286", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3286", }, { name: "RHSA-2019:3287", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3287", }, { name: "RHSA-2019:3299", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3299", }, { name: "RHSA-2019:3300", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3300", }, { name: "FEDORA-2019-187ae3128d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/", }, { name: "FEDORA-2019-7bb07c3b02", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/", }, { name: "openSUSE-SU-2019:2441", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html", }, { name: "RHSA-2019:3724", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3724", }, { name: "RHSA-2019:3735", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3735", }, { name: "RHSA-2019:3736", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3736", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_36", }, { name: "openSUSE-SU-2019:2457", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210919", }, { name: "20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Jan/44", }, { name: "20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/Jan/40", }, { name: "RHSA-2020:0322", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0322", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2021-14", }, ], source: { defect: [ "https://bugs.php.net/bug.php?id=78599", ], discovery: "EXTERNAL", }, title: "Underflow in PHP-FPM can lead to RCE", workarounds: [ { lang: "en", value: "Configuring nginx (or other server that implements the front-end part of the FPM protocol) to check for the existence of the target file before passing it to PHP FPM (e.g. \"try_files $uri =404\" or \"if (-f $uri)\" in nginx) for would prevent this vulnerability from happening.", }, ], x_generator: { engine: "Vulnogram 0.0.8", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@php.net", DATE_PUBLIC: "2019-10-22T03:18:00.000Z", ID: "CVE-2019-11043", STATE: "PUBLIC", TITLE: "Underflow in PHP-FPM can lead to RCE", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "PHP", version: { version_data: [ { version_affected: "<", version_name: "7.1.x", version_value: "7.1.33", }, { version_affected: "<", version_name: "7.2.x", version_value: "7.2.24", }, { version_affected: "<", version_name: "7.3.x", version_value: "7.3.11", }, ], }, }, ], }, vendor_name: "PHP", }, ], }, }, credit: [ { lang: "eng", value: "Reported by Emil Lerner.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.", }, ], }, exploit: [ { lang: "en", value: "Exploit described at https://github.com/neex/phuip-fpizdam", }, ], generator: { engine: "Vulnogram 0.0.8", }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-120 Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/neex/phuip-fpizdam", refsource: "MISC", url: "https://github.com/neex/phuip-fpizdam", }, { name: "https://bugs.php.net/bug.php?id=78599", refsource: "CONFIRM", url: "https://bugs.php.net/bug.php?id=78599", }, { name: "USN-4166-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4166-1/", }, { name: "DSA-4552", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4552", }, { name: "DSA-4553", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4553", }, { name: "USN-4166-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4166-2/", }, { name: "https://support.f5.com/csp/article/K75408500?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K75408500?utm_source=f5support&utm_medium=RSS", }, { name: "FEDORA-2019-4adc49a476", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/", }, { name: "https://security.netapp.com/advisory/ntap-20191031-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191031-0003/", }, { name: "RHSA-2019:3286", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3286", }, { name: "RHSA-2019:3287", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3287", }, { name: "RHSA-2019:3299", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3299", }, { name: "RHSA-2019:3300", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3300", }, { name: "FEDORA-2019-187ae3128d", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/", }, { name: "FEDORA-2019-7bb07c3b02", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/", }, { name: "openSUSE-SU-2019:2441", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html", }, { name: "RHSA-2019:3724", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3724", }, { name: "RHSA-2019:3735", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3735", }, { name: "RHSA-2019:3736", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3736", }, { name: "https://www.synology.com/security/advisory/Synology_SA_19_36", refsource: "CONFIRM", url: "https://www.synology.com/security/advisory/Synology_SA_19_36", }, { name: "openSUSE-SU-2019:2457", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html", }, { name: "https://support.apple.com/kb/HT210919", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210919", }, { name: "20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Jan/44", }, { name: "20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/Jan/40", }, { name: "RHSA-2020:0322", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0322", }, { name: "http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html", }, { name: "https://www.tenable.com/security/tns-2021-14", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2021-14", }, ], }, source: { defect: [ "https://bugs.php.net/bug.php?id=78599", ], discovery: "EXTERNAL", }, work_around: [ { lang: "en", value: "Configuring nginx (or other server that implements the front-end part of the FPM protocol) to check for the existence of the target file before passing it to PHP FPM (e.g. \"try_files $uri =404\" or \"if (-f $uri)\" in nginx) for would prevent this vulnerability from happening.", }, ], }, }, }, cveMetadata: { assignerOrgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b", assignerShortName: "php", cveId: "CVE-2019-11043", datePublished: "2019-10-28T14:19:04.252Z", dateReserved: "2019-04-09T00:00:00.000Z", dateUpdated: "2025-02-07T13:17:23.329Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5157
Vulnerability from cvelistv5
Published
2023-09-26 13:25
Modified
2024-11-15 16:33
Severity ?
EPSS score ?
Summary
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:5683 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:5684 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:6821 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:6822 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:6883 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:7633 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-5157 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2240246 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 8080020231003163755.63b34585 < * cpe:/a:redhat:enterprise_linux:8::appstream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:52:06.728Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:5683", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:5683", }, { name: "RHSA-2023:5684", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:5684", }, { name: "RHSA-2023:6821", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6821", }, { name: "RHSA-2023:6822", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6822", }, { name: "RHSA-2023:6883", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6883", }, { name: "RHSA-2023:7633", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7633", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-5157", }, { name: "RHBZ#2240246", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240246", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "mariadb:10.5", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231003163755.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "mariadb:10.5", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231006044227.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "mariadb:10.5", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231006044227.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "mariadb:10.5", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231006044227.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "mariadb:10.5", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020231005052631.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb", ], defaultStatus: "affected", packageName: "galera", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:26.4.14-1.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb", ], defaultStatus: "affected", packageName: "mariadb", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:10.5.22-1.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", ], defaultStatus: "affected", packageName: "galera", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:26.4.14-1.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", ], defaultStatus: "affected", packageName: "mariadb", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:10.5.22-1.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3::el7", ], defaultStatus: "affected", packageName: "rh-mariadb105-galera", product: "Red Hat Software Collections for Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:26.4.14-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3::el7", ], defaultStatus: "affected", packageName: "rh-mariadb105-mariadb", product: "Red Hat Software Collections for Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:10.5.22-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "mariadb", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "mariadb:10.3/galera", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "mariadb:10.3/mariadb", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, ], datePublic: "2023-09-20T00:00:00+00:00", descriptions: [ { lang: "en", value: "A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T16:33:35.239Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:5683", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:5683", }, { name: "RHSA-2023:5684", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:5684", }, { name: "RHSA-2023:6821", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6821", }, { name: "RHSA-2023:6822", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6822", }, { name: "RHSA-2023:6883", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6883", }, { name: "RHSA-2023:7633", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7633", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-5157", }, { name: "RHBZ#2240246", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2240246", }, ], timeline: [ { lang: "en", time: "2023-09-22T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-09-20T00:00:00+00:00", value: "Made public.", }, ], title: "Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6", x_redhatCweChain: "CWE-400: Uncontrolled Resource Consumption", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-5157", datePublished: "2023-09-26T13:25:24.082Z", dateReserved: "2023-09-25T08:31:06.489Z", dateUpdated: "2024-11-15T16:33:35.239Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-1488
Vulnerability from cvelistv5
Published
2024-02-15 05:04
Modified
2025-01-30 21:13
Severity ?
EPSS score ?
Summary
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:1750 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1751 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1780 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1801 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1802 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1804 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2587 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2696 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:0837 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-1488 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2264183 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 1.16.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-1488", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-15T18:02:37.532018Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:53.092Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:40:21.182Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:1750", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1750", }, { name: "RHSA-2024:1751", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1751", }, { name: "RHSA-2024:1780", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1780", }, { name: "RHSA-2024:1801", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1801", }, { name: "RHSA-2024:1802", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1802", }, { name: "RHSA-2024:1804", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1804", }, { name: "RHSA-2024:2587", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2587", }, { name: "RHSA-2024:2696", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2696", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-1488", }, { name: "RHBZ#2264183", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264183", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://src.fedoraproject.org/rpms/unbound/", defaultStatus: "unaffected", packageName: "unbound", versions: [ { status: "affected", version: "1.16.2", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "unbound", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.16.2-5.el8_9.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "unbound", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.16.2-5.8.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "unbound", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7.3-12.el8_2.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "unbound", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7.3-12.el8_2.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "unbound", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7.3-12.el8_2.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "unbound", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7.3-15.el8_4.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "unbound", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7.3-15.el8_4.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "unbound", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7.3-15.el8_4.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "unbound", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7.3-17.el8_6.4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "unbound", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.16.2-5.el8_8.4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "unbound", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.16.2-3.el9_3.5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "unbound", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-13.el9_0.4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "unbound", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.16.2-3.el9_2.4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unaffected", packageName: "unbound", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "unbound", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], datePublic: "2024-02-13T00:00:00.000Z", descriptions: [ { lang: "en", value: "A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T21:13:43.514Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:1750", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1750", }, { name: "RHSA-2024:1751", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1751", }, { name: "RHSA-2024:1780", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1780", }, { name: "RHSA-2024:1801", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1801", }, { name: "RHSA-2024:1802", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1802", }, { name: "RHSA-2024:1804", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1804", }, { name: "RHSA-2024:2587", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2587", }, { name: "RHSA-2024:2696", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2696", }, { name: "RHSA-2025:0837", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0837", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-1488", }, { name: "RHBZ#2264183", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264183", }, ], timeline: [ { lang: "en", time: "2024-02-14T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-02-13T00:00:00+00:00", value: "Made public.", }, ], title: "Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-276: Incorrect Default Permissions", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-1488", datePublished: "2024-02-15T05:04:13.994Z", dateReserved: "2024-02-14T12:47:25.283Z", dateUpdated: "2025-01-30T21:13:43.514Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46846
Vulnerability from cvelistv5
Published
2023-11-03 07:33
Modified
2025-01-27 07:40
Severity ?
EPSS score ?
Summary
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 2.6 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:53:21.849Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:6266", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { name: "RHSA-2023:6267", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { name: "RHSA-2023:6268", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { name: "RHSA-2023:6748", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { name: "RHSA-2023:6801", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { name: "RHSA-2023:6803", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { name: "RHSA-2023:6804", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { name: "RHSA-2023:6810", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { name: "RHSA-2023:7213", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-46846", }, { name: "RHBZ#2245910", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245910", }, { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231130-0002/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-46846", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2023-12-19T21:18:15.819621Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T14:31:21.611Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/squid-cache/squid", defaultStatus: "unaffected", packageName: "squid", versions: [ { lessThan: "6.4", status: "affected", version: "2.6", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:3.5.20-17.el7_9.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231030214932.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231030224841.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.1::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8010020231101141358.c27ad7f8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231101135052.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231101135052.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231101135052.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231101101624.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231101101624.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231101101624.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020231031165747.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.5-5.el9_2.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.5-6.el9_3.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.2-1.el9_0.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "squid34", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, ], datePublic: "2023-10-19T00:00:00.000Z", descriptions: [ { lang: "en", value: "SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-444", description: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T07:40:08.286Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:6266", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { name: "RHSA-2023:6267", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { name: "RHSA-2023:6268", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { name: "RHSA-2023:6748", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { name: "RHSA-2023:6801", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { name: "RHSA-2023:6803", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { name: "RHSA-2023:6804", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { name: "RHSA-2023:6810", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { name: "RHSA-2023:7213", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { name: "RHSA-2024:11049", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:11049", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-46846", }, { name: "RHBZ#2245910", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245910", }, { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh", }, ], timeline: [ { lang: "en", time: "2023-10-24T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-10-19T00:00:00+00:00", value: "Made public.", }, ], title: "Squid: request/response smuggling in http/1.1 and icap", x_redhatCweChain: "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-46846", datePublished: "2023-11-03T07:33:16.184Z", dateReserved: "2023-10-27T08:36:38.158Z", dateUpdated: "2025-01-27T07:40:08.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9675
Vulnerability from cvelistv5
Published
2024-10-09 14:32
Modified
2025-04-11 00:35
Severity ?
EPSS score ?
Summary
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9675", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-09T16:16:25.550764Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-09T16:24:34.705Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/containers/buildah", defaultStatus: "unaffected", packageName: "buildah", versions: [ { lessThan: "1.38.0", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020241023085649.afee755d", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020241028154646.3b538bd8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020241028154646.3b538bd8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020241028154646.3b538bd8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020241025064551.0f77c1b7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.33.10-1.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:4.9.4-16.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:5.2.2-9.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.37.5-1.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.26.8-2.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.2.0-5.el9_0.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.29.4-1.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.4.1-21.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.12.0-202503181728.p0.ge355452.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-16.rhaos4.13.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.13.0-202503111300.p0.gb379980.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-21.rhaos4.14.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-32.rhaos4.15.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202503060734.p0.gbc0b789.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:4.9.4-12.rhaos4.16.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder-rhel9", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202503121138.p0.g31c3c26.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", "cpe:/a:redhat:openshift:4.17::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "5:5.2.2-1.rhaos4.17.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder-rhel9", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.17.0-202503041005.p0.gc3b0999.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder-rhel9", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202503040802.p0.g6a5ec2a.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "ocp-tools-4/jenkins-agent-base-rhel8", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "ocp-tools-4/jenkins-rhel8", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "skopeo", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "conmon", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "conmon", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:quay:3", ], defaultStatus: "affected", packageName: "quay/quay-builder-rhel8", product: "Red Hat Quay 3", vendor: "Red Hat", }, ], datePublic: "2024-10-09T00:00:00.000Z", descriptions: [ { lang: "en", value: "A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-11T00:35:01.273Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:8563", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8563", }, { name: "RHSA-2024:8675", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8675", }, { name: "RHSA-2024:8679", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8679", }, { name: "RHSA-2024:8686", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8686", }, { name: "RHSA-2024:8690", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8690", }, { name: "RHSA-2024:8700", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8700", }, { name: "RHSA-2024:8703", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8703", }, { name: "RHSA-2024:8707", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8707", }, { name: "RHSA-2024:8708", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8708", }, { name: "RHSA-2024:8709", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8709", }, { name: "RHSA-2024:8846", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8846", }, { name: "RHSA-2024:8984", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8984", }, { name: "RHSA-2024:8994", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8994", }, { name: "RHSA-2024:9051", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9051", }, { name: "RHSA-2024:9454", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9454", }, { name: "RHSA-2024:9459", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9459", }, { name: "RHSA-2025:2445", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2445", }, { name: "RHSA-2025:2449", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2449", }, { name: "RHSA-2025:2454", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2454", }, { name: "RHSA-2025:2701", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2701", }, { name: "RHSA-2025:2710", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2710", }, { name: "RHSA-2025:3301", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:3301", }, { name: "RHSA-2025:3573", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:3573", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-9675", }, { name: "RHBZ#2317458", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2317458", }, ], timeline: [ { lang: "en", time: "2024-10-09T02:45:06.343000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-10-09T00:00:00+00:00", value: "Made public.", }, ], title: "Buildah: buildah allows arbitrary directory mount", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-9675", datePublished: "2024-10-09T14:32:11.922Z", dateReserved: "2024-10-09T02:47:50.357Z", dateUpdated: "2025-04-11T00:35:01.273Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46847
Vulnerability from cvelistv5
Published
2023-11-03 07:58
Modified
2025-02-28 01:09
Severity ?
EPSS score ?
Summary
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 3.2.0.1 < 6.4 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:53:21.999Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:6266", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { name: "RHSA-2023:6267", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { name: "RHSA-2023:6268", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { name: "RHSA-2023:6748", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { name: "RHSA-2023:6801", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { name: "RHSA-2023:6803", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { name: "RHSA-2023:6804", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { name: "RHSA-2023:6805", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6805", }, { name: "RHSA-2023:6810", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { name: "RHSA-2023:6882", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6882", }, { name: "RHSA-2023:6884", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6884", }, { name: "RHSA-2023:7213", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { name: "RHSA-2023:7576", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7576", }, { name: "RHSA-2023:7578", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7578", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-46847", }, { name: "RHBZ#2245916", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245916", }, { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231130-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/squid-cache/squid", defaultStatus: "unaffected", packageName: "squid", versions: [ { lessThan: "6.4", status: "affected", version: "3.2.0.1", versionType: "custom", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:6", ], defaultStatus: "affected", packageName: "squid34", product: "Red Hat Enterprise Linux 6 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:3.4.14-15.el6_10.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:6", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 6 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:3.1.23-24.el6_10.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:3.5.20-17.el7_9.9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:7.6::server", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:3.5.20-12.el7_6.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:7.7::server", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 7.7 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:3.5.20-13.el7_7.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231030214932.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231030224841.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.1::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8010020231101141358.c27ad7f8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231101135052.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231101135052.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231101135052.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231101101624.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231101101624.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231101101624.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020231031165747.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.5-5.el9_2.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.5-6.el9_3.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.2-1.el9_0.3", versionType: "rpm", }, ], }, ], datePublic: "2023-10-19T00:00:00.000Z", descriptions: [ { lang: "en", value: "Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Critical", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T01:09:44.601Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:6266", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { name: "RHSA-2023:6267", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { name: "RHSA-2023:6268", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { name: "RHSA-2023:6748", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { name: "RHSA-2023:6801", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { name: "RHSA-2023:6803", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { name: "RHSA-2023:6804", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { name: "RHSA-2023:6805", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6805", }, { name: "RHSA-2023:6810", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { name: "RHSA-2023:6882", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6882", }, { name: "RHSA-2023:6884", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6884", }, { name: "RHSA-2023:7213", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { name: "RHSA-2023:7576", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7576", }, { name: "RHSA-2023:7578", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7578", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-46847", }, { name: "RHBZ#2245916", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245916", }, { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g", }, ], timeline: [ { lang: "en", time: "2023-10-24T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-10-19T00:00:00+00:00", value: "Made public.", }, ], title: "Squid: denial of service in http digest authentication", x_redhatCweChain: "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-46847", datePublished: "2023-11-03T07:58:05.641Z", dateReserved: "2023-10-27T08:36:38.158Z", dateUpdated: "2025-02-28T01:09:44.601Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1755
Vulnerability from cvelistv5
Published
2025-02-27 15:24
Modified
2025-02-27 16:07
Severity ?
EPSS score ?
Summary
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MongoDB Inc | MongoDB Compass |
Version: 0 < 1.42.1 cpe:2.3:a:mongodb:compass:1.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.5:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.6:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.7:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.8:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.9:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.10:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.11:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.12:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.13:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.14:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.15:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.16:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.17:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.18:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.19:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.20:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.21:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.22:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.23:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.24.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.25.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.26.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.26.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.28.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.28.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.29.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.29.5:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.29.6:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.30.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.31.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.31.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.31.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.31.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.32.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.32.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.32.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.32.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.33.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.33.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.34.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.34.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.35.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.36.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.36.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.37.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.38.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.38.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.38.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.39.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.39.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.39.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.39.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.39.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.40.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.40.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.40.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.40.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.40.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.41.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:compass:1.42.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1755", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-27T16:07:15.336525Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T16:07:45.320Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "third-party-advisory", ], url: "https://access.redhat.com/errata/RHSA-2025:1755.html", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:mongodb:compass:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.20:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.21:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.22:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.23:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.24.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.25.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.26.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.26.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.28.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.28.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.29.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.29.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.29.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.30.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.31.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.31.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.31.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.31.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.32.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.32.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.32.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.32.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.33.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.33.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.34.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.34.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.35.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.36.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.36.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.37.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.38.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.38.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.38.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.41.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.42.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "MongoDB Compass", vendor: "MongoDB Inc", versions: [ { lessThan: "1.42.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div><p>Only environments with Windows as the underlying operating system is affected by this issue</p></div>", }, ], value: "Only environments with Windows as the underlying operating system is affected by this issue", }, ], credits: [ { lang: "en", type: "finder", value: "T. Doğa Gelişli", }, ], datePublic: "2025-02-27T13:08:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\\node_modules\\. This issue affects MongoDB Compass prior to 1.42.1</p>", }, ], value: "MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\\node_modules\\. This issue affects MongoDB Compass prior to 1.42.1", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426: Untrusted Search Path", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-27T15:24:07.174Z", orgId: "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", shortName: "mongodb", }, references: [ { url: "https://jira.mongodb.org/browse/COMPASS-9058", }, ], source: { discovery: "EXTERNAL", }, title: "MongoDB Compass may be susceptible to local privilege escalation in Windows", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", assignerShortName: "mongodb", cveId: "CVE-2025-1755", datePublished: "2025-02-27T15:24:07.174Z", dateReserved: "2025-02-27T13:02:01.480Z", dateUpdated: "2025-02-27T16:07:45.320Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4527
Vulnerability from cvelistv5
Published
2023-09-18 16:32
Modified
2024-12-03 14:44
Severity ?
EPSS score ?
Summary
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:5453 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:5455 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-4527 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2234712 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:2.28-225.el8_8.6 < * cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::appstream |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:31:06.064Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/09/25/1", }, { name: "RHSA-2023:5453", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:5453", }, { name: "RHSA-2023:5455", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:5455", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-4527", }, { name: "RHBZ#2234712", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2234712", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202310-03", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231116-0012/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-4527", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T14:44:32.771215Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T14:44:48.342Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.28-225.el8_8.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.28-225.el8_8.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.34-60.el9_2.7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.34-60.el9_2.7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unaffected", packageName: "compat-glibc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unaffected", packageName: "glibc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "compat-glibc", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "glibc", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by Florian Weimer (Red Hat).", }, ], datePublic: "2023-09-12T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-23T01:12:22.555Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:5453", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:5453", }, { name: "RHSA-2023:5455", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:5455", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-4527", }, { name: "RHBZ#2234712", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2234712", }, ], timeline: [ { lang: "en", time: "2023-08-24T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-09-12T00:00:00+00:00", value: "Made public.", }, ], title: "Glibc: stack read overflow in getaddrinfo in no-aaaa mode", workarounds: [ { lang: "en", value: "Removing the no-aaaa diagnostic option from /etc/resolv.conf will mitigate this flaw.", }, ], x_redhatCweChain: "CWE-121: Stack-based Buffer Overflow", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-4527", datePublished: "2023-09-18T16:32:18.597Z", dateReserved: "2023-08-24T19:36:21.484Z", dateUpdated: "2024-12-03T14:44:48.342Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-6387
Vulnerability from cvelistv5
Published
2024-07-01 12:37
Modified
2025-04-24 18:35
Severity ?
EPSS score ?
Summary
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:4312 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4340 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4389 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4469 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4474 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4479 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4484 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-6387 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2294604 | issue-tracking, x_refsource_REDHAT | |
| https://santandersecurityresearch.github.io/blog/sshing_the_masses.html | ||
| https://www.openssh.com/txt/release-9.8 | ||
| https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 8.5p1 < |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-6387", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-02T13:18:34.695298Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-02T13:18:46.662Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-04-24T18:35:27.934Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387", }, { url: "https://www.exploit-db.com/exploits/52269", }, { url: "https://packetstorm.news/files/id/190587/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/01/12", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/01/13", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/02/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/03/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/03/11", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/03/2", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/03/3", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/03/4", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/03/5", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/04/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/04/2", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/08/2", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/08/3", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/09/2", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/09/5", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/10/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/10/2", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/10/3", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/10/4", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/10/6", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/11/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/11/3", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/23/4", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/23/6", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/28/2", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/28/3", }, { name: "RHSA-2024:4312", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4312", }, { name: "RHSA-2024:4340", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4340", }, { name: "RHSA-2024:4389", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4389", }, { name: "RHSA-2024:4469", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4469", }, { name: "RHSA-2024:4474", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4474", }, { name: "RHSA-2024:4479", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4479", }, { name: "RHSA-2024:4484", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4484", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-6387", }, { tags: [ "x_transferred", ], url: "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/", }, { tags: [ "x_transferred", ], url: "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/", }, { tags: [ "x_transferred", ], url: "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server", }, { name: "RHBZ#2294604", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2294604", }, { tags: [ "x_transferred", ], url: "https://explore.alas.aws.amazon.com/CVE-2024-6387.html", }, { tags: [ "x_transferred", ], url: "https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132", }, { tags: [ "x_transferred", ], url: "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc", }, { tags: [ "x_transferred", ], url: "https://github.com/AlmaLinux/updates/issues/629", }, { tags: [ "x_transferred", ], url: "https://github.com/Azure/AKS/issues/4379", }, { tags: [ "x_transferred", ], url: "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248", }, { tags: [ "x_transferred", ], url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2249", }, { tags: [ "x_transferred", ], url: "https://github.com/microsoft/azurelinux/issues/9555", }, { tags: [ "x_transferred", ], url: "https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09", }, { tags: [ "x_transferred", ], url: "https://github.com/oracle/oracle-linux/issues/149", }, { tags: [ "x_transferred", ], url: "https://github.com/rapier1/hpn-ssh/issues/87", }, { tags: [ "x_transferred", ], url: "https://github.com/zgzhang/cve-2024-6387-poc", }, { tags: [ "x_transferred", ], url: "https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/", }, { tags: [ "x_transferred", ], url: "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html", }, { tags: [ "x_transferred", ], url: "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=40843778", }, { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010", }, { tags: [ "x_transferred", ], url: "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2024-6387", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240701-0001/", }, { tags: [ "x_transferred", ], url: "https://sig-security.rocky.page/issues/CVE-2024-6387/", }, { tags: [ "x_transferred", ], url: "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/", }, { tags: [ "x_transferred", ], url: "https://ubuntu.com/security/CVE-2024-6387", }, { tags: [ "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-6859-1", }, { tags: [ "x_transferred", ], url: "https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do", }, { tags: [ "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100", }, { tags: [ "x_transferred", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc", }, { tags: [ "x_transferred", ], url: "https://www.openssh.com/txt/release-9.8", }, { tags: [ "x_transferred", ], url: "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt", }, { tags: [ "x_transferred", ], url: "https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html", }, { tags: [ "x_transferred", ], url: "https://www.suse.com/security/cve/CVE-2024-6387.html", }, { tags: [ "x_transferred", ], url: "https://www.theregister.com/2024/07/01/regresshion_openssh/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214118", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214120", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, ], cna: { affected: [ { collectionURL: "https://www.openssh.com/", defaultStatus: "unaffected", packageName: "OpenSSH", repo: "https://anongit.mindrot.org/openssh.git", versions: [ { lessThanOrEqual: "9.7p1", status: "affected", version: "8.5p1", versionType: "custom", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "openssh", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:8.7p1-38.el9_4.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "openssh", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:8.7p1-38.el9_4.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", "cpe:/o:redhat:rhel_e4s:9.0::baseos", ], defaultStatus: "affected", packageName: "openssh", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:8.7p1-12.el9_0.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos", ], defaultStatus: "affected", packageName: "openssh", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:8.7p1-30.el9_2.4", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "413.92.202407091321-0", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "414.92.202407091253-0", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "415.92.202407091355-0", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "416.94.202407081958-0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ceph_storage:5", ], defaultStatus: "unaffected", packageName: "openssh", product: "Red Hat Ceph Storage 5", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ceph_storage:6", ], defaultStatus: "affected", packageName: "openssh", product: "Red Hat Ceph Storage 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ceph_storage:7", ], defaultStatus: "affected", packageName: "openssh", product: "Red Hat Ceph Storage 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unaffected", packageName: "openssh", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "openssh", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "openssh", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue.", }, ], datePublic: "2024-07-01T08:00:00.000Z", descriptions: [ { lang: "en", value: "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-364", description: "Signal Handler Race Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-24T17:19:20.471Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:4312", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4312", }, { name: "RHSA-2024:4340", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4340", }, { name: "RHSA-2024:4389", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4389", }, { name: "RHSA-2024:4469", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4469", }, { name: "RHSA-2024:4474", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4474", }, { name: "RHSA-2024:4479", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4479", }, { name: "RHSA-2024:4484", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4484", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-6387", }, { name: "RHBZ#2294604", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2294604", }, { url: "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html", }, { url: "https://www.openssh.com/txt/release-9.8", }, { url: "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt", }, ], timeline: [ { lang: "en", time: "2024-06-27T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-07-01T08:00:00+00:00", value: "Made public.", }, ], title: "Openssh: regresshion - race condition in ssh allows rce/dos", workarounds: [ { lang: "en", value: "The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~\n\nSetting LoginGraceTime to 0 disables the SSHD server's ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like 'fail2ban' alongside a firewall to monitor log files and manage connections appropriately.\n\nIf any of the mitigations mentioned above is used, please note that the removal of LoginGraceTime parameter from sshd_config is not automatic when the updated package is installed.", }, ], x_redhatCweChain: "CWE-364: Signal Handler Race Condition", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-6387", datePublished: "2024-07-01T12:37:25.431Z", dateReserved: "2024-06-27T13:41:03.421Z", dateUpdated: "2025-04-24T18:35:27.934Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5868
Vulnerability from cvelistv5
Published
2023-12-10 17:56
Modified
2024-11-15 15:10
Severity ?
EPSS score ?
Summary
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Advanced Cluster Security 4.2 |
Unaffected: 4.2.4-6 < * cpe:/a:redhat:advanced_cluster_security:4.2::el8 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:14:24.651Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:7545", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7545", }, { name: "RHSA-2023:7579", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7579", }, { name: "RHSA-2023:7580", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7580", }, { name: "RHSA-2023:7581", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7581", }, { name: "RHSA-2023:7616", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7616", }, { name: "RHSA-2023:7656", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7656", }, { name: "RHSA-2023:7666", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7666", }, { name: "RHSA-2023:7667", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7667", }, { name: "RHSA-2023:7694", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7694", }, { name: "RHSA-2023:7695", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7695", }, { name: "RHSA-2023:7714", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7714", }, { name: "RHSA-2023:7770", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7770", }, { name: "RHSA-2023:7772", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7772", }, { name: "RHSA-2023:7784", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7784", }, { name: "RHSA-2023:7785", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7785", }, { name: "RHSA-2023:7883", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7883", }, { name: "RHSA-2023:7884", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7884", }, { name: "RHSA-2023:7885", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7885", }, { name: "RHSA-2024:0304", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0304", }, { name: "RHSA-2024:0332", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0332", }, { name: "RHSA-2024:0337", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0337", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-5868", }, { name: "RHBZ#2247168", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247168", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240119-0003/", }, { tags: [ "x_transferred", ], url: "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", }, { tags: [ "x_transferred", ], url: "https://www.postgresql.org/support/security/CVE-2023-5868/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-operator-bundle", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-7", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231114113712.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231128173330.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "postgresql:15", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231114113548.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231128165246.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231128165246.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231128165246.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127153301.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127154806.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127153301.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127154806.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127153301.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127154806.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020231114115246.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020231128165328.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231114105206.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231128165335.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "postgresql:15", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231113134015.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "postgresql", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:13.13-1.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "postgresql:15", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "9030020231120082734.rhel9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", ], defaultStatus: "affected", packageName: "postgresql", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:13.13-1.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "postgresql", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:13.13-1.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:15", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "9020020231115020618.rhel9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3::el7", ], defaultStatus: "affected", packageName: "rh-postgresql12-postgresql", product: "Red Hat Software Collections for Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:12.17-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3::el7", ], defaultStatus: "affected", packageName: "rh-postgresql13-postgresql", product: "Red Hat Software Collections for Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:13.13-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-operator-bundle", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-7", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-operator-bundle", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "postgresql", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "affected", packageName: "postgresql", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "postgresql:10/postgresql", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "postgresql:16/postgresql", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "postgresql:16/postgresql", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "affected", packageName: "rh-postgresql10-postgresql", product: "Red Hat Software Collections", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Upstream acknowledges Jingzhou Fu as the original reporter.", }, ], datePublic: "2023-11-09T00:00:00+00:00", descriptions: [ { lang: "en", value: "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-686", description: "Function Call With Incorrect Argument Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T15:10:57.961Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:7545", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7545", }, { name: "RHSA-2023:7579", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7579", }, { name: "RHSA-2023:7580", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7580", }, { name: "RHSA-2023:7581", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7581", }, { name: "RHSA-2023:7616", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7616", }, { name: "RHSA-2023:7656", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7656", }, { name: "RHSA-2023:7666", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7666", }, { name: "RHSA-2023:7667", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7667", }, { name: "RHSA-2023:7694", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7694", }, { name: "RHSA-2023:7695", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7695", }, { name: "RHSA-2023:7714", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7714", }, { name: "RHSA-2023:7770", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7770", }, { name: "RHSA-2023:7772", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7772", }, { name: "RHSA-2023:7784", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7784", }, { name: "RHSA-2023:7785", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7785", }, { name: "RHSA-2023:7883", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7883", }, { name: "RHSA-2023:7884", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7884", }, { name: "RHSA-2023:7885", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7885", }, { name: "RHSA-2024:0304", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0304", }, { name: "RHSA-2024:0332", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0332", }, { name: "RHSA-2024:0337", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0337", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-5868", }, { name: "RHBZ#2247168", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247168", }, { url: "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", }, { url: "https://www.postgresql.org/support/security/CVE-2023-5868/", }, ], timeline: [ { lang: "en", time: "2023-10-31T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-11-09T00:00:00+00:00", value: "Made public.", }, ], title: "Postgresql: memory disclosure in aggregate function calls", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-686: Function Call With Incorrect Argument Type", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-5868", datePublished: "2023-12-10T17:56:57.176Z", dateReserved: "2023-10-31T03:56:17.314Z", dateUpdated: "2024-11-15T15:10:57.961Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5992
Vulnerability from cvelistv5
Published
2024-01-31 14:05
Modified
2024-11-24 12:46
Severity ?
EPSS score ?
Summary
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:0966 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0967 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-5992 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248685 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 | ||
| https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:0.20.0-8.el8_9 < * cpe:/o:redhat:enterprise_linux:8::baseos |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-5992", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-02T13:54:54.249985Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:28:33.779Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T08:14:25.164Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:0966", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0966", }, { name: "RHSA-2024:0967", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0967", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-5992", }, { name: "RHBZ#2248685", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248685", }, { tags: [ "x_transferred", ], url: "https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "opensc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:0.20.0-8.el8_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "opensc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:0.23.0-4.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "affected", packageName: "opensc", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by Hubert Kario (Red Hat).", }, ], datePublic: "2023-11-28T00:00:00+00:00", descriptions: [ { lang: "en", value: "A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-203", description: "Observable Discrepancy", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-24T12:46:52.557Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:0966", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0966", }, { name: "RHSA-2024:0967", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0967", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-5992", }, { name: "RHBZ#2248685", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248685", }, { url: "https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992", }, { url: "https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf", }, ], timeline: [ { lang: "en", time: "2023-11-08T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-11-28T00:00:00+00:00", value: "Made public.", }, ], title: "Opensc: side-channel leaks while stripping encryption pkcs#1 padding", x_redhatCweChain: "CWE-203: Observable Discrepancy", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-5992", datePublished: "2024-01-31T14:05:07.630Z", dateReserved: "2023-11-07T15:57:24.037Z", dateUpdated: "2024-11-24T12:46:52.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3049
Vulnerability from cvelistv5
Published
2024-06-06 05:30
Modified
2024-12-24 14:31
Severity ?
EPSS score ?
Summary
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:3657 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3658 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3659 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3660 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3661 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4400 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4411 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-3049 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2272082 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 1.0-283.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-3049", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-13T20:24:04.305850Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-13T20:24:16.483Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-09-24T18:03:12.532Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:3657", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3657", }, { name: "RHSA-2024:3658", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3658", }, { name: "RHSA-2024:3659", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3659", }, { name: "RHSA-2024:3660", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3660", }, { name: "RHSA-2024:3661", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3661", }, { name: "RHSA-2024:4400", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4400", }, { name: "RHSA-2024:4411", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4411", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-3049", }, { name: "RHBZ#2272082", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272082", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/", }, { url: "https://lists.debian.org/debian-lts-announce/2024/09/msg00037.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/ClusterLabs/booth", defaultStatus: "unaffected", packageName: "booth", versions: [ { status: "affected", version: "1.0-283.1", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::highavailability", ], defaultStatus: "affected", packageName: "booth", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.1-1.el8_10.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::highavailability", "cpe:/a:redhat:rhel_e4s:8.4::highavailability", ], defaultStatus: "affected", packageName: "booth", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.0-199.1.ac1d34c.git.el8_4.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::highavailability", "cpe:/a:redhat:rhel_e4s:8.4::highavailability", ], defaultStatus: "affected", packageName: "booth", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.0-199.1.ac1d34c.git.el8_4.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::highavailability", "cpe:/a:redhat:rhel_tus:8.6::highavailability", ], defaultStatus: "affected", packageName: "booth", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.0-199.1.ac1d34c.git.el8_6.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::highavailability", "cpe:/a:redhat:rhel_tus:8.6::highavailability", ], defaultStatus: "affected", packageName: "booth", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.0-199.1.ac1d34c.git.el8_6.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::resilientstorage", "cpe:/a:redhat:rhel_eus:8.8::highavailability", ], defaultStatus: "affected", packageName: "booth", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.0-283.1.9d4029a.git.el8_8.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::resilientstorage", "cpe:/a:redhat:enterprise_linux:9::highavailability", ], defaultStatus: "affected", packageName: "booth", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.1-1.el9_4.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::highavailability", "cpe:/a:redhat:rhel_e4s:9.0::resilientstorage", ], defaultStatus: "affected", packageName: "booth", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.0-251.3.bfb2f92.git.el9_0.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::highavailability", "cpe:/a:redhat:rhel_eus:9.2::resilientstorage", ], defaultStatus: "affected", packageName: "booth", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.0-283.1.9d4029a.git.el9_2.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "affected", packageName: "booth", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], datePublic: "2024-05-27T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-345", description: "Insufficient Verification of Data Authenticity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-24T14:31:48.845Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:3657", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3657", }, { name: "RHSA-2024:3658", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3658", }, { name: "RHSA-2024:3659", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3659", }, { name: "RHSA-2024:3660", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3660", }, { name: "RHSA-2024:3661", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3661", }, { name: "RHSA-2024:4400", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4400", }, { name: "RHSA-2024:4411", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4411", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-3049", }, { name: "RHBZ#2272082", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272082", }, ], timeline: [ { lang: "en", time: "2024-03-28T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-05-27T00:00:00+00:00", value: "Made public.", }, ], title: "Booth: specially crafted hash can lead to invalid hmac being accepted by booth server", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-345: Insufficient Verification of Data Authenticity", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-3049", datePublished: "2024-06-06T05:30:04.137Z", dateReserved: "2024-03-28T17:17:50.507Z", dateUpdated: "2024-12-24T14:31:48.845Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5869
Vulnerability from cvelistv5
Published
2023-12-10 17:56
Modified
2024-11-15 15:11
Severity ?
EPSS score ?
Summary
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Advanced Cluster Security 4.2 |
Unaffected: 4.2.4-6 < * cpe:/a:redhat:advanced_cluster_security:4.2::el8 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:14:24.605Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:7545", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7545", }, { name: "RHSA-2023:7579", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7579", }, { name: "RHSA-2023:7580", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7580", }, { name: "RHSA-2023:7581", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7581", }, { name: "RHSA-2023:7616", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7616", }, { name: "RHSA-2023:7656", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7656", }, { name: "RHSA-2023:7666", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7666", }, { name: "RHSA-2023:7667", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7667", }, { name: "RHSA-2023:7694", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7694", }, { name: "RHSA-2023:7695", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7695", }, { name: "RHSA-2023:7714", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7714", }, { name: "RHSA-2023:7770", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7770", }, { name: "RHSA-2023:7771", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7771", }, { name: "RHSA-2023:7772", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7772", }, { name: "RHSA-2023:7778", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7778", }, { name: "RHSA-2023:7783", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7783", }, { name: "RHSA-2023:7784", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7784", }, { name: "RHSA-2023:7785", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7785", }, { name: "RHSA-2023:7786", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7786", }, { name: "RHSA-2023:7788", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7788", }, { name: "RHSA-2023:7789", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7789", }, { name: "RHSA-2023:7790", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7790", }, { name: "RHSA-2023:7878", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7878", }, { name: "RHSA-2023:7883", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7883", }, { name: "RHSA-2023:7884", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7884", }, { name: "RHSA-2023:7885", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7885", }, { name: "RHSA-2024:0304", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0304", }, { name: "RHSA-2024:0332", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0332", }, { name: "RHSA-2024:0337", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0337", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-5869", }, { name: "RHBZ#2247169", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247169", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240119-0003/", }, { tags: [ "x_transferred", ], url: "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", }, { tags: [ "x_transferred", ], url: "https://www.postgresql.org/support/security/CVE-2023-5869/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-operator-bundle", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-7", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.2::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.2.4-7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::workstation", ], defaultStatus: "affected", packageName: "postgresql", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:9.2.24-9.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231114113712.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231128173330.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "postgresql:10", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231201202407.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "postgresql:15", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231114113548.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.1::appstream", ], defaultStatus: "affected", packageName: "postgresql:10", product: "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8010020231130170510.c27ad7f8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231128165246.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:10", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231201202149.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231128165246.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:10", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231201202149.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231128165246.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:10", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231201202149.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127153301.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127154806.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:10", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127142440.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127153301.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127154806.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:10", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127142440.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127153301.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127154806.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "postgresql:10", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231127142440.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020231114115246.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020231128165328.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "postgresql:10", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020231201202249.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "postgresql:13", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231114105206.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "postgresql:12", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231128165335.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "postgresql:10", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231201202316.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "postgresql:15", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231113134015.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb", ], defaultStatus: "affected", packageName: "postgresql", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:13.13-1.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "postgresql:15", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "9030020231120082734.rhel9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", ], defaultStatus: "affected", packageName: "postgresql", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:13.13-1.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "postgresql", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:13.13-1.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "postgresql:15", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "9020020231115020618.rhel9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3::el7", ], defaultStatus: "affected", packageName: "rh-postgresql12-postgresql", product: "Red Hat Software Collections for Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:12.17-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3::el7", ], defaultStatus: "affected", packageName: "rh-postgresql10-postgresql", product: "Red Hat Software Collections for Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:10.23-2.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3::el7", ], defaultStatus: "affected", packageName: "rh-postgresql13-postgresql", product: "Red Hat Software Collections for Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:13.13-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-operator-bundle", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-7", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3.74::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "RHACS-3.74-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.74.8-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-operator-bundle", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.1::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "RHACS-4.1-RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.1.6-6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "postgresql", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "postgresql:16/postgresql", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "postgresql:16/postgresql", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Upstream acknowledges Pedro Gallegos as the original reporter.", }, ], datePublic: "2023-11-09T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T15:11:34.563Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:7545", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7545", }, { name: "RHSA-2023:7579", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7579", }, { name: "RHSA-2023:7580", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7580", }, { name: "RHSA-2023:7581", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7581", }, { name: "RHSA-2023:7616", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7616", }, { name: "RHSA-2023:7656", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7656", }, { name: "RHSA-2023:7666", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7666", }, { name: "RHSA-2023:7667", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7667", }, { name: "RHSA-2023:7694", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7694", }, { name: "RHSA-2023:7695", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7695", }, { name: "RHSA-2023:7714", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7714", }, { name: "RHSA-2023:7770", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7770", }, { name: "RHSA-2023:7771", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7771", }, { name: "RHSA-2023:7772", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7772", }, { name: "RHSA-2023:7778", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7778", }, { name: "RHSA-2023:7783", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7783", }, { name: "RHSA-2023:7784", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7784", }, { name: "RHSA-2023:7785", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7785", }, { name: "RHSA-2023:7786", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7786", }, { name: "RHSA-2023:7788", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7788", }, { name: "RHSA-2023:7789", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7789", }, { name: "RHSA-2023:7790", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7790", }, { name: "RHSA-2023:7878", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7878", }, { name: "RHSA-2023:7883", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7883", }, { name: "RHSA-2023:7884", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7884", }, { name: "RHSA-2023:7885", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7885", }, { name: "RHSA-2024:0304", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0304", }, { name: "RHSA-2024:0332", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0332", }, { name: "RHSA-2024:0337", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0337", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-5869", }, { name: "RHBZ#2247169", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247169", }, { url: "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", }, { url: "https://www.postgresql.org/support/security/CVE-2023-5869/", }, ], timeline: [ { lang: "en", time: "2023-10-31T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-11-09T00:00:00+00:00", value: "Made public.", }, ], title: "Postgresql: buffer overrun from integer overflow in array modification", workarounds: [ { lang: "en", value: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", }, ], x_redhatCweChain: "CWE-190: Integer Overflow or Wraparound", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-5869", datePublished: "2023-12-10T17:56:57.131Z", dateReserved: "2023-10-31T03:56:42.638Z", dateUpdated: "2024-11-15T15:11:34.563Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24806
Vulnerability from cvelistv5
Published
2024-04-16 19:44
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-24806", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-18T15:50:49.420656Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-24T18:12:19.958Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T04:20:50.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-29", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5209", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "net-snmp", repo: "https://github.com/net-snmp/net-snmp", vendor: "net-snmp", versions: [ { lessThan: "5.9.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.<br>", }, ], value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-16T19:44:53.414Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { url: "https://security.gentoo.org/glsa/202210-29", }, { url: "https://www.debian.org/security/2022/dsa-5209", }, ], source: { discovery: "UNKNOWN", }, title: "net-snmp vulnerable to Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24806", datePublished: "2024-04-16T19:44:53.414Z", dateReserved: "2022-02-10T16:41:34.917Z", dateUpdated: "2024-08-03T04:20:50.548Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24808
Vulnerability from cvelistv5
Published
2024-04-16 19:52
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:net-snmp:net-snmp:5.9.2:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "net-snmp", vendor: "net-snmp", versions: [ { status: "affected", version: "5.9.2", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-24808", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T18:23:10.723285Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:15:57.749Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T04:20:50.466Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-29", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5209", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105240", }, { tags: [ "x_transferred", ], url: "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "net-snmp", repo: "https://github.com/net-snmp/net-snmp", vendor: "net-snmp", versions: [ { lessThan: "5.9.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.<br>", }, ], value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476 NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-16T19:52:31.783Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { url: "https://security.gentoo.org/glsa/202210-29", }, { url: "https://www.debian.org/security/2022/dsa-5209", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105240", }, { url: "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937", }, ], source: { discovery: "UNKNOWN", }, title: "net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24808", datePublished: "2024-04-16T19:52:31.783Z", dateReserved: "2022-02-10T16:41:34.917Z", dateUpdated: "2024-08-03T04:20:50.466Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9676
Vulnerability from cvelistv5
Published
2024-10-15 15:27
Modified
2025-04-03 00:30
Severity ?
EPSS score ?
Summary
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9676", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T15:45:48.644647Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T15:46:17.963Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/containers/storage/", defaultStatus: "unaffected", packageName: "containers/storage", versions: [ { lessThan: "1.55.1", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020241101101019.afee755d", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:4.9.4-16.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:5.2.2-9.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.37.5-1.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.33.11-1.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift_ironic:4.12::el9", ], defaultStatus: "affected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.25.5-5.rhaos4.12.git53dc492.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.26.5-26.rhaos4.13.giteb3d487.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.27.8-12.rhaos4.14.git7597c43.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.28.11-5.rhaos4.15.git35a2431.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202503060734.p0.gbc0b789.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ironic:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.29.9-6.rhaos4.16.gite7bd45a.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:4.9.4-12.rhaos4.16.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder-rhel9", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202503121138.p0.g31c3c26.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", "cpe:/a:redhat:openshift:4.17::el8", ], defaultStatus: "affected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.30.6-6.rhaos4.17.git6ac6e96.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", "cpe:/a:redhat:openshift:4.17::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "5:5.2.2-1.rhaos4.17.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder-rhel9", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.17.0-202501281204.p0.ga753153.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "jenkins-agent-base-rhel9-container", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "ocp-tools-4/jenkins-agent-base-rhel8", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "ocp-tools-4/jenkins-rhel8", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "conmon", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "conmon", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:quay:3", ], defaultStatus: "affected", packageName: "quay/quay-builder-rhel8", product: "Red Hat Quay 3", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Erik Sjölund <erik.sjolund@gmail.com> for reporting this issue.", }, ], datePublic: "2024-10-15T15:00:00.000Z", descriptions: [ { lang: "en", value: "A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T00:30:48.257Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:10289", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10289", }, { name: "RHSA-2024:8418", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8418", }, { name: "RHSA-2024:8428", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8428", }, { name: "RHSA-2024:8437", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8437", }, { name: "RHSA-2024:8686", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8686", }, { name: "RHSA-2024:8690", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8690", }, { name: "RHSA-2024:8694", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8694", }, { name: "RHSA-2024:8700", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8700", }, { name: "RHSA-2024:8984", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8984", }, { name: "RHSA-2024:9051", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9051", }, { name: "RHSA-2024:9454", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9454", }, { name: "RHSA-2024:9459", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9459", }, { name: "RHSA-2024:9926", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9926", }, { name: "RHSA-2025:0876", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0876", }, { name: "RHSA-2025:2454", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2454", }, { name: "RHSA-2025:2710", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2710", }, { name: "RHSA-2025:3301", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:3301", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-9676", }, { name: "RHBZ#2317467", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2317467", }, { url: "https://github.com/advisories/GHSA-wq2p-5pc6-wpgf", }, ], timeline: [ { lang: "en", time: "2024-10-09T02:59:07.708000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-10-15T15:00:00+00:00", value: "Made public.", }, ], title: "Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-9676", datePublished: "2024-10-15T15:27:33.665Z", dateReserved: "2024-10-09T03:02:48.802Z", dateUpdated: "2025-04-03T00:30:48.257Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4042
Vulnerability from cvelistv5
Published
2023-08-23 12:19
Modified
2024-11-23 00:14
Severity ?
EPSS score ?
Summary
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:7053 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-4042 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1870257 | ||
| https://bugzilla.redhat.com/show_bug.cgi?id=2228151 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:9.27-11.el8 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:17:11.217Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:7053", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7053", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-4042", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1870257", }, { name: "RHBZ#2228151", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2228151", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", ], defaultStatus: "affected", packageName: "ghostscript", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:9.27-11.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unaffected", packageName: "ghostscript", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "ghostscript", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "gimp:flatpak/ghostscript", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "ghostscript", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], datePublic: "2023-08-23T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Low", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-23T00:14:52.531Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:7053", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7053", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-4042", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=1870257", }, { name: "RHBZ#2228151", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2228151", }, ], timeline: [ { lang: "en", time: "2023-08-01T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-08-23T00:00:00+00:00", value: "Made public.", }, ], title: "Ghostscript: incomplete fix for cve-2020-16305", x_redhatCweChain: "CWE-125: Out-of-bounds Read", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-4042", datePublished: "2023-08-23T12:19:29.156Z", dateReserved: "2023-08-01T14:12:03.146Z", dateUpdated: "2024-11-23T00:14:52.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4641
Vulnerability from cvelistv5
Published
2023-12-27 15:43
Modified
2025-04-17 20:33
Severity ?
EPSS score ?
Summary
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:6632 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:7112 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0417 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2577 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-4641 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215945 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:31:06.633Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:6632", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6632", }, { name: "RHSA-2023:7112", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7112", }, { name: "RHSA-2024:0417", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0417", }, { name: "RHSA-2024:2577", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2577", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-4641", }, { name: "RHBZ#2215945", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215945", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-4641", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-02T18:19:24.685793Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-17T20:33:22.477Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/shadow-maint/shadow", defaultStatus: "affected", packageName: "shadow-utils", versions: [ { lessThan: "*", status: "unaffected", version: "4.14.0-rc1", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "shadow-utils", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.6-19.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", ], defaultStatus: "affected", packageName: "shadow-utils", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.6-17.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb", ], defaultStatus: "affected", packageName: "shadow-utils", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.6-17.el8_8.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "shadow-utils", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.9-8.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "shadow-utils", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "shadow-utils", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], datePublic: "2023-06-17T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Low", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-303", description: "Incorrect Implementation of Authentication Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T15:32:38.166Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:6632", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6632", }, { name: "RHSA-2023:7112", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7112", }, { name: "RHSA-2024:0417", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0417", }, { name: "RHSA-2024:2577", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2577", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-4641", }, { name: "RHBZ#2215945", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215945", }, ], timeline: [ { lang: "en", time: "2023-06-17T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-06-17T00:00:00+00:00", value: "Made public.", }, ], title: "Shadow-utils: possible password leak during passwd(1) change", x_redhatCweChain: "CWE-303: Incorrect Implementation of Authentication Algorithm", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-4641", datePublished: "2023-12-27T15:43:22.929Z", dateReserved: "2023-08-30T17:16:27.137Z", dateUpdated: "2025-04-17T20:33:22.477Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24807
Vulnerability from cvelistv5
Published
2024-04-16 19:49
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-24807", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T20:44:00.621550Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-23T18:51:55.237Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T04:20:50.465Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105239", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-29", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5209", }, { tags: [ "x_transferred", ], url: "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "net-snmp", repo: "https://github.com/net-snmp/net-snmp", vendor: "net-snmp", versions: [ { lessThan: "5.9.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.<br>", }, ], value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-16T19:49:00.448Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105239", }, { url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { url: "https://security.gentoo.org/glsa/202210-29", }, { url: "https://www.debian.org/security/2022/dsa-5209", }, { url: "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937", }, ], source: { discovery: "UNKNOWN", }, title: "net-snmp: A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24807", datePublished: "2024-04-16T19:49:00.448Z", dateReserved: "2022-02-10T16:41:34.917Z", dateUpdated: "2024-08-03T04:20:50.465Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24805
Vulnerability from cvelistv5
Published
2024-04-16 19:37
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "net-snmp", vendor: "net-snmp", versions: [ { lessThan: "5.9.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-24805", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T20:41:49.079548Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:15:56.050Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T04:20:50.538Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105238", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-29", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5209", }, { tags: [ "x_transferred", ], url: "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "net-snmp", repo: "https://github.com/net-snmp/net-snmp", vendor: "net-snmp", versions: [ { lessThan: "5.9.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.<br>", }, ], value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-16T19:37:40.051Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105238", }, { url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { url: "https://security.gentoo.org/glsa/202210-29", }, { url: "https://www.debian.org/security/2022/dsa-5209", }, { url: "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937", }, ], source: { discovery: "UNKNOWN", }, title: "net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24805", datePublished: "2024-04-16T19:37:40.051Z", dateReserved: "2022-02-10T16:41:34.916Z", dateUpdated: "2024-08-03T04:20:50.538Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4911
Vulnerability from cvelistv5
Published
2023-10-03 17:25
Modified
2025-01-28 16:07
Severity ?
EPSS score ?
Summary
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:5453 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:5454 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:5455 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:5476 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0033 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-4911 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2238352 | issue-tracking, x_refsource_REDHAT | |
| https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt | ||
| https://www.qualys.com/cve-2023-4911/ |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 2.34 < 2.39 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:44:52.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2023/Oct/11", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/03/2", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/03/3", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/05/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/11", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/14/3", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/14/5", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/14/6", }, { name: "RHSA-2023:5453", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:5453", }, { name: "RHSA-2023:5454", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:5454", }, { name: "RHSA-2023:5455", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:5455", }, { name: "RHSA-2023:5476", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:5476", }, { name: "RHSA-2024:0033", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0033", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-4911", }, { name: "RHBZ#2238352", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238352", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202310-03", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231013-0006/", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5514", }, { tags: [ "x_transferred", ], url: "https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt", }, { tags: [ "x_transferred", ], url: "https://www.qualys.com/cve-2023-4911/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-4911", options: [ { Exploitation: "Active", }, { Automatable: "no", }, { "Technical Impact": "Total", }, ], role: "CISA Coordinator", timestamp: "2023-11-22T16:37:43.161550Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-11-21", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-4911", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2025-01-28T16:07:20.500Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://sourceware.org/git/glibc.git", defaultStatus: "unaffected", packageName: "glibc", versions: [ { lessThan: "2.39", status: "affected", version: "2.34", versionType: "custom", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.28-225.el8_8.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.28-225.el8_8.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/a:redhat:rhel_eus:8.6::appstream", "cpe:/o:redhat:rhel_eus:8.6::baseos", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.28-189.6.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.34-60.el9_2.7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.34-60.el9_2.7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/o:redhat:rhel_eus:9.0::baseos", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.34-28.el9_0.4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/a:redhat:rhel_eus:8.6::appstream", "cpe:/o:redhat:rhel_eus:8.6::baseos", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.28-189.6.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", ], defaultStatus: "affected", packageName: "redhat-release-virtualization-host", product: "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.5.3-10.el8ev", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", ], defaultStatus: "affected", packageName: "redhat-virtualization-host", product: "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.5.3-202312060823_8.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unaffected", packageName: "glibc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "compat-glibc", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "glibc", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Qualys Research Labs for reporting this issue.", }, ], datePublic: "2023-10-03T17:00:00.000Z", descriptions: [ { lang: "en", value: "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-23T01:12:42.567Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:5453", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:5453", }, { name: "RHSA-2023:5454", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:5454", }, { name: "RHSA-2023:5455", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:5455", }, { name: "RHSA-2023:5476", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:5476", }, { name: "RHSA-2024:0033", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0033", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-4911", }, { name: "RHBZ#2238352", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2238352", }, { url: "https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt", }, { url: "https://www.qualys.com/cve-2023-4911/", }, ], timeline: [ { lang: "en", time: "2023-09-04T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-10-03T17:00:00+00:00", value: "Made public.", }, ], title: "Glibc: buffer overflow in ld.so leading to privilege escalation", workarounds: [ { lang: "en", value: "For customers who cannot update immediately and do not have Secure Boot feature enabled, the issue can be mitigated using the provided SystemTap script with the following steps. When enabled, any setuid program invoked with GLIBC_TUNABLES in the environment will be terminated immediately. To invoke the setuid program, users will then have to unset or clear the GLIBC_TUNABLES envvar, e.g. `GLIBC_TUNABLES= sudo` . \n\nNote that these mitigation steps will need to be repeated if the system is rebooted.\n\n1) Install required systemtap packages and dependencies as per - https://access.redhat.com/solutions/5441\n\n\n2) Create the following systemtap script, and name it stap_block_suid_tunables.stp:\n ~~~\nfunction has_tunable_string:long()\n{\n name = \"GLIBC_TUNABLES\"\n\n mm = @task(task_current())->mm;\n if (mm)\n {\n env_start = @mm(mm)->env_start;\n env_end = @mm(mm)->env_end;\n\n if (env_start != 0 && env_end != 0)\n while (env_end > env_start)\n {\n cur = user_string(env_start, \"\");\n env_name = tokenize(cur, \"=\");\n \n if (env_name == name && tokenize(\"\", \"\") != \"\")\n return 1;\n env_start += strlen (cur) + 1\n }\n }\n\n return 0;\n}\n\nprobe process(\"/lib*/ld*.so*\").function(\"__tunables_init\")\n{\n atsecure = 0;\n /* Skip processing if we can't read __libc_enable_secure, e.g. core dump\n handler (systemd-cgroups-agent and systemd-coredump). */\n try { atsecure = @var(\"__libc_enable_secure\"); }\n catch { printk (4, sprintf (\"CVE-2023-4911: Skipped check: %s (%d)\", execname(), pid())); }\n if (atsecure && has_tunable_string ())\n raise (9);\n}\n~~~\n\n3) Load the systemtap module into the running kernel:\n ~~~\n stap -g -F -m stap_block_suid_tunables stap_block_suid_tunables.stp\n ~~~\n\n4) Ensure the module is loaded:\n ~~~\n lsmod | grep -i stap_block_suid_tunables\nstap_block_suid_tunables 249856 0\n~~~\n\n5) Once the glibc package is updated to the version containing the fix, the systemtap generated kernel module can be removed by running:\n ~~~\n rmmod stap_block_suid_tunables\n ~~~\n\nIf Secure Boot is enabled on a system, the SystemTap module must be signed. An external compiling server can be used to sign the generated kernel module with a key enrolled into the kernel's keyring or starting with SystemTap 4.7 you can sign a module without a compile server. See further information here - https://www.redhat.com/sysadmin/secure-boot-systemtap", }, ], x_redhatCweChain: "CWE-122: Heap-based Buffer Overflow", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-4911", datePublished: "2023-10-03T17:25:08.434Z", dateReserved: "2023-09-12T13:10:32.495Z", dateUpdated: "2025-01-28T16:07:20.500Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3972
Vulnerability from cvelistv5
Published
2023-11-01 15:54
Modified
2024-11-23 01:25
Severity ?
EPSS score ?
Summary
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:6264 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:6282 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:6283 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:6284 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:6795 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:6796 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:6798 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:6811 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-3972 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2227027 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/RedHatInsights/insights-core/pull/3878 |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 7 |
Unaffected: 0:3.1.9-1.el7_9 < * cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::workstation cpe:/o:redhat:enterprise_linux:7::client |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-3972", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-26T16:52:32.901290Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-379", description: "CWE-379 Creation of Temporary File in Directory with Insecure Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:17:34.485Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T07:08:50.763Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:6264", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6264", }, { name: "RHSA-2023:6282", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6282", }, { name: "RHSA-2023:6283", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6283", }, { name: "RHSA-2023:6284", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6284", }, { name: "RHSA-2023:6795", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6795", }, { name: "RHSA-2023:6796", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6796", }, { name: "RHSA-2023:6798", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6798", }, { name: "RHSA-2023:6811", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6811", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-3972", }, { name: "RHBZ#2227027", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2227027", }, { tags: [ "x_transferred", ], url: "https://github.com/RedHatInsights/insights-core/pull/3878", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", ], defaultStatus: "affected", packageName: "insights-client", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.1.9-1.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "insights-client", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.2-1.el8_8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.1::appstream", ], defaultStatus: "affected", packageName: "insights-client", product: "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.3-1.el8_1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "insights-client", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.3-1.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "insights-client", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.3-1.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "insights-client", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.3-1.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "insights-client", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.3-1.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "insights-client", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.3-1.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "insights-client", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.3-1.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "insights-client", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.2-1.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "insights-client", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.2-1.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "insights-client", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.2-1.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "insights-client", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by Alasdair Kergon (Red Hat) and Pavel Odvody (Red Hat).", }, ], datePublic: "2023-11-01T11:00:00+00:00", descriptions: [ { lang: "en", value: "A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-379", description: "Creation of Temporary File in Directory with Insecure Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-23T01:25:37.586Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:6264", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6264", }, { name: "RHSA-2023:6282", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6282", }, { name: "RHSA-2023:6283", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6283", }, { name: "RHSA-2023:6284", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6284", }, { name: "RHSA-2023:6795", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6795", }, { name: "RHSA-2023:6796", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6796", }, { name: "RHSA-2023:6798", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6798", }, { name: "RHSA-2023:6811", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6811", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-3972", }, { name: "RHBZ#2227027", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2227027", }, { url: "https://github.com/RedHatInsights/insights-core/pull/3878", }, ], timeline: [ { lang: "en", time: "2023-07-27T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-11-01T11:00:00+00:00", value: "Made public.", }, ], title: "Insights-client: unsafe handling of temporary files and directories", workarounds: [ { lang: "en", value: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", }, ], x_redhatCweChain: "CWE-61->CWE-379: UNIX Symbolic Link (Symlink) Following leads to Creation of Temporary File in Directory with Insecure Permissions", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-3972", datePublished: "2023-11-01T15:54:52.093Z", dateReserved: "2023-07-27T12:10:37.684Z", dateUpdated: "2024-11-23T01:25:37.586Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7006
Vulnerability from cvelistv5
Published
2024-08-08 20:49
Modified
2025-01-09 19:19
Severity ?
EPSS score ?
Summary
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:6360 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:8833 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:8914 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-7006 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2302996 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.0.9-33.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-7006", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-09T15:35:30.347219Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T19:19:31.059Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-09-20T16:03:14.114Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20240920-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", ], defaultStatus: "affected", packageName: "libtiff", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.0.9-33.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "libtiff", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.4.0-12.el9_4.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "libtiff", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.4.0-8.el9_2.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "libtiff", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "libtiff", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Xu Chang (N/A) for reporting this issue.", }, ], datePublic: "2024-07-19T00:00:00+00:00", descriptions: [ { lang: "en", value: "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T19:41:22.455Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:6360", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6360", }, { name: "RHSA-2024:8833", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8833", }, { name: "RHSA-2024:8914", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8914", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-7006", }, { name: "RHBZ#2302996", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2302996", }, ], timeline: [ { lang: "en", time: "2024-08-05T22:40:16.777000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-07-19T00:00:00+00:00", value: "Made public.", }, ], title: "Libtiff: null pointer dereference in tif_dirinfo.c", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-476: NULL Pointer Dereference", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-7006", datePublished: "2024-08-08T20:49:45.373Z", dateReserved: "2024-07-23T00:57:17.777Z", dateUpdated: "2025-01-09T19:19:31.059Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6681
Vulnerability from cvelistv5
Published
2024-02-12 14:04
Modified
2024-11-24 15:46
Severity ?
EPSS score ?
Summary
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:3267 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9281 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-6681 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2260843 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 8100020240417004735.143e9e98 < * cpe:/a:redhat:enterprise_linux:8::appstream |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-6681", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-12T21:27:57.752185Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:21:42.932Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T08:35:14.893Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:3267", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3267", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-6681", }, { name: "RHBZ#2260843", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260843", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "idm:client", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020240417004735.143e9e98", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "idm:DL1", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020240416171943.823393f5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "python-jwcrypto", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.5.6-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "unaffected", packageName: "automation-controller", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "python-jwcrypto", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], datePublic: "2023-12-28T00:00:00+00:00", descriptions: [ { lang: "en", value: "A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-24T15:46:23.381Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:3267", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3267", }, { name: "RHSA-2024:9281", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9281", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-6681", }, { name: "RHBZ#2260843", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260843", }, ], timeline: [ { lang: "en", time: "2024-01-29T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-12-28T00:00:00+00:00", value: "Made public.", }, ], title: "Jwcrypto: denail of service via specifically crafted jwe", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-400: Uncontrolled Resource Consumption", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-6681", datePublished: "2024-02-12T14:04:45.113Z", dateReserved: "2023-12-11T12:45:07.051Z", dateUpdated: "2024-11-24T15:46:23.381Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0211
Vulnerability from cvelistv5
Published
2019-04-08 21:31
Modified
2025-02-06 21:04
Severity ?
EPSS score ?
Summary
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache HTTP Server |
Version: 2.4.17 to 2.4.38 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:44:15.393Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20190401 CVE-2019-0211: Apache HTTP Server privilege escalation from modules' scripts", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/04/02/3", }, { name: "107666", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107666", }, { name: "20190403 [SECURITY] [DSA 4422-1] apache2 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Apr/5", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_14", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html", }, { name: "USN-3937-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3937-1/", }, { name: "FEDORA-2019-cf7695b470", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", }, { name: "DSA-4422", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4422", }, { name: "[httpd-users] 20190406 [users@httpd] CVE-2019-0211/0215/0217", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E", }, { name: "FEDORA-2019-119b14075a", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", }, { name: "20190407 [slackware-security] httpd (SSA:2019-096-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Apr/16", }, { name: "46676", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/46676/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.apache.org/dist/httpd/CHANGES_2.4.39", }, { name: "[community-dev] 20190411 CVE-2019-0211 applicable to versions 2.2.x?", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E", }, { name: "[community-dev] 20190411 Re: CVE-2019-0211 applicable to versions 2.2.x?", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E", }, { name: "RHSA-2019:0746", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0746", }, { name: "openSUSE-SU-2019:1190", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", }, { name: "[community-dev] 20190411 RE: CVE-2019-0211 applicable to versions 2.2.x?", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K32957101", }, { name: "openSUSE-SU-2019:1209", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", }, { name: "GLSA-201904-20", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201904-20", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190423-0001/", }, { name: "openSUSE-SU-2019:1258", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", }, { name: "RHSA-2019:0980", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0980", }, { name: "RHBA-2019:0959", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "FEDORA-2019-a4ed7400f4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", }, { name: "RHSA-2019:1297", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1297", }, { name: "RHSA-2019:1296", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1296", }, { name: "[httpd-cvs] 20190611 svn commit: r1861068 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E", }, { name: "RHSA-2019:1543", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1543", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "[oss-security] 20190726 Re: Statistics for distros lists updated for 2019Q2", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/07/26/7", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "[announce] 20200131 Apache Software Foundation Security Report: 2019", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2019-0211", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-06T21:03:33.852786Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0211", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-06T21:04:27.062Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Apache HTTP Server", vendor: "Apache", versions: [ { status: "affected", version: "2.4.17 to 2.4.38", }, ], }, ], datePublic: "2019-04-01T00:00:00.000Z", descriptions: [ { lang: "en", value: "In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.", }, ], problemTypes: [ { descriptions: [ { description: "Apache HTTP Server privilege escalation from modules' scripts", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-06T10:11:34.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "[oss-security] 20190401 CVE-2019-0211: Apache HTTP Server privilege escalation from modules' scripts", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/04/02/3", }, { name: "107666", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107666", }, { name: "20190403 [SECURITY] [DSA 4422-1] apache2 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Apr/5", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_14", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html", }, { name: "USN-3937-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3937-1/", }, { name: "FEDORA-2019-cf7695b470", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", }, { name: "DSA-4422", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4422", }, { name: "[httpd-users] 20190406 [users@httpd] CVE-2019-0211/0215/0217", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E", }, { name: "FEDORA-2019-119b14075a", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", }, { name: "20190407 [slackware-security] httpd (SSA:2019-096-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Apr/16", }, { name: "46676", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/46676/", }, { tags: [ "x_refsource_MISC", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.apache.org/dist/httpd/CHANGES_2.4.39", }, { name: "[community-dev] 20190411 CVE-2019-0211 applicable to versions 2.2.x?", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E", }, { name: "[community-dev] 20190411 Re: CVE-2019-0211 applicable to versions 2.2.x?", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E", }, { name: "RHSA-2019:0746", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0746", }, { name: "openSUSE-SU-2019:1190", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", }, { name: "[community-dev] 20190411 RE: CVE-2019-0211 applicable to versions 2.2.x?", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K32957101", }, { name: "openSUSE-SU-2019:1209", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", }, { name: "GLSA-201904-20", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201904-20", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190423-0001/", }, { name: "openSUSE-SU-2019:1258", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", }, { name: "RHSA-2019:0980", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0980", }, { name: "RHBA-2019:0959", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "FEDORA-2019-a4ed7400f4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", }, { name: "RHSA-2019:1297", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1297", }, { name: "RHSA-2019:1296", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1296", }, { name: "[httpd-cvs] 20190611 svn commit: r1861068 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E", }, { name: "RHSA-2019:1543", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1543", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "[oss-security] 20190726 Re: Statistics for distros lists updated for 2019Q2", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/07/26/7", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "[announce] 20200131 Apache Software Foundation Security Report: 2019", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-0211", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache HTTP Server", version: { version_data: [ { version_value: "2.4.17 to 2.4.38", }, ], }, }, ], }, vendor_name: "Apache", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Apache HTTP Server privilege escalation from modules' scripts", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20190401 CVE-2019-0211: Apache HTTP Server privilege escalation from modules' scripts", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/04/02/3", }, { name: "107666", refsource: "BID", url: "http://www.securityfocus.com/bid/107666", }, { name: "20190403 [SECURITY] [DSA 4422-1] apache2 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Apr/5", }, { name: "https://www.synology.com/security/advisory/Synology_SA_19_14", refsource: "CONFIRM", url: "https://www.synology.com/security/advisory/Synology_SA_19_14", }, { name: "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html", }, { name: "USN-3937-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3937-1/", }, { name: "FEDORA-2019-cf7695b470", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", }, { name: "DSA-4422", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4422", }, { name: "[httpd-users] 20190406 [users@httpd] CVE-2019-0211/0215/0217", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa@%3Cusers.httpd.apache.org%3E", }, { name: "FEDORA-2019-119b14075a", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", }, { name: "20190407 [slackware-security] httpd (SSA:2019-096-01)", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Apr/16", }, { name: "46676", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/46676/", }, { name: "https://httpd.apache.org/security/vulnerabilities_24.html", refsource: "MISC", url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { name: "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html", }, { name: "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html", }, { name: "http://www.apache.org/dist/httpd/CHANGES_2.4.39", refsource: "MISC", url: "http://www.apache.org/dist/httpd/CHANGES_2.4.39", }, { name: "[community-dev] 20190411 CVE-2019-0211 applicable to versions 2.2.x?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e@%3Cdev.community.apache.org%3E", }, { name: "[community-dev] 20190411 Re: CVE-2019-0211 applicable to versions 2.2.x?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28@%3Cdev.community.apache.org%3E", }, { name: "RHSA-2019:0746", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0746", }, { name: "openSUSE-SU-2019:1190", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", }, { name: "[community-dev] 20190411 RE: CVE-2019-0211 applicable to versions 2.2.x?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e@%3Cdev.community.apache.org%3E", }, { name: "https://support.f5.com/csp/article/K32957101", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K32957101", }, { name: "openSUSE-SU-2019:1209", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", }, { name: "GLSA-201904-20", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201904-20", }, { name: "https://security.netapp.com/advisory/ntap-20190423-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190423-0001/", }, { name: "openSUSE-SU-2019:1258", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", }, { name: "RHSA-2019:0980", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0980", }, { name: "RHBA-2019:0959", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "FEDORA-2019-a4ed7400f4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", }, { name: "RHSA-2019:1297", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1297", }, { name: "RHSA-2019:1296", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1296", }, { name: "[httpd-cvs] 20190611 svn commit: r1861068 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml", refsource: "MLIST", url: "https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac@%3Ccvs.httpd.apache.org%3E", }, { name: "RHSA-2019:1543", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1543", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "[oss-security] 20190726 Re: Statistics for distros lists updated for 2019Q2", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/07/26/7", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "[announce] 20200131 Apache Software Foundation Security Report: 2019", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-0211", datePublished: "2019-04-08T21:31:09.000Z", dateReserved: "2018-11-14T00:00:00.000Z", dateUpdated: "2025-02-06T21:04:27.062Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1756
Vulnerability from cvelistv5
Published
2025-02-27 15:28
Modified
2025-02-27 16:06
Severity ?
EPSS score ?
Summary
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MongoDB Inc | mongosh |
Version: 0 < 2.3.0 cpe:2.3:a:mongodb:mongosh:0.2.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.3.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.4.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.4.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.5.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.5.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.6.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.7.7:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.8.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.8.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.8.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.9.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.10.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.10.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.11.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.12.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.12.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.13.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.14.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.15.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.15.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:0.15.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.0.6:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.0.7:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.1.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.1.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.1.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.1.5:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.1.6:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.1.7:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.1.8:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.1.9:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.2.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.2.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.2.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.3.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.4.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.4.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.5.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.5.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.5.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.5.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.5.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.6.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.6.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.6.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.7.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.7.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.8.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.90:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.91:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.10.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.10.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.10.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.10.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.10.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.10.5:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:1.10.6:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.1.5:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.2.2:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.2.3:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.2.4:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.2.5:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.2.6:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.2.9:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.2.10:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.2.11:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.2.12:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:2.2.15:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1756", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-27T16:02:07.276063Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T16:06:31.860Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "third-party-advisory", ], url: "https://access.redhat.com/errata/RHSA-2025:1756", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:mongodb:mongosh:0.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:0.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.90:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.91:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:1.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongosh:2.2.15:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "mongosh", vendor: "MongoDB Inc", versions: [ { lessThan: "2.3.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Only environments with Windows as the underlying operating system is affected by this issue</p><br>", }, ], value: "Only environments with Windows as the underlying operating system is affected by this issue", }, ], credits: [ { lang: "en", type: "finder", value: "T. Doğa Gelişli", }, ], datePublic: "2025-02-27T13:15:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\\node_modules\\. This issue affects mongosh prior to 2.3.0</p>", }, ], value: "mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\\node_modules\\. This issue affects mongosh prior to 2.3.0", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426: Untrusted Search Path", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-27T15:28:11.633Z", orgId: "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", shortName: "mongodb", }, references: [ { url: "https://jira.mongodb.org/browse/MONGOSH-2028", }, ], source: { discovery: "EXTERNAL", }, title: "MongoDB Shell may be susceptible to local privilege escalation in Windows", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", assignerShortName: "mongodb", cveId: "CVE-2025-1756", datePublished: "2025-02-27T15:28:11.633Z", dateReserved: "2025-02-27T13:02:02.998Z", dateUpdated: "2025-02-27T16:06:31.860Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-7250
Vulnerability from cvelistv5
Published
2024-03-18 12:21
Modified
2024-11-24 16:26
Severity ?
EPSS score ?
Summary
A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:4241 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9185 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-7250 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2244707 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:3.5-10.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-7250", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-21T15:29:57.730662Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:57.899Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T08:57:35.537Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:4241", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4241", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-7250", }, { name: "RHBZ#2244707", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2244707", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "iperf3", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.5-10.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "iperf3", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.9-13.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "iperf3", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], datePublic: "2023-10-16T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-183", description: "Permissive List of Allowed Inputs", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-24T16:26:50.493Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:4241", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4241", }, { name: "RHSA-2024:9185", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9185", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-7250", }, { name: "RHBZ#2244707", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2244707", }, ], timeline: [ { lang: "en", time: "2023-10-17T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-10-16T00:00:00+00:00", value: "Made public.", }, ], title: "Iperf3: possible denial of service", x_redhatCweChain: "CWE-183: Permissive List of Allowed Inputs", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-7250", datePublished: "2024-03-18T12:21:24.985Z", dateReserved: "2024-03-15T15:21:36.481Z", dateUpdated: "2024-11-24T16:26:50.493Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5633
Vulnerability from cvelistv5
Published
2023-10-23 21:58
Modified
2024-11-15 15:10
Severity ?
EPSS score ?
Summary
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:0113 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0134 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0461 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1404 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4823 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4831 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-5633 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2245663 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-513.11.1.rt7.313.el8_9 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-5633", options: [ { Exploitation: "None", }, { Automatable: "No", }, { "Technical Impact": "Total", }, ], role: "CISA Coordinator", timestamp: "2024-05-09T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:28:39.386Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T08:07:32.554Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:0113", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0113", }, { name: "RHSA-2024:0134", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0134", }, { name: "RHSA-2024:0461", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0461", }, { name: "RHSA-2024:1404", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1404", }, { name: "RHSA-2024:4823", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4823", }, { name: "RHSA-2024:4831", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4831", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-5633", }, { name: "RHBZ#2245663", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245663", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", ], defaultStatus: "affected", packageName: "kernel-rt", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-513.11.1.rt7.313.el8_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "kernel", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-513.11.1.el8_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "kernel", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-477.51.1.el8_8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv", ], defaultStatus: "affected", packageName: "kernel", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.14.0-362.18.1.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv", ], defaultStatus: "affected", packageName: "kernel", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.14.0-362.18.1.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "kernel", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.14.0-284.75.1.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::realtime", ], defaultStatus: "affected", packageName: "kernel-rt", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.14.0-284.75.1.rt14.360.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unaffected", packageName: "kernel", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "kernel", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "kernel-rt", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "kernel-rt", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Murray McAllister (NCC Group APAC) for reporting this issue.", }, ], datePublic: "2023-09-28T00:00:00+00:00", descriptions: [ { lang: "en", value: "The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T15:10:20.306Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:0113", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0113", }, { name: "RHSA-2024:0134", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0134", }, { name: "RHSA-2024:0461", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0461", }, { name: "RHSA-2024:1404", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1404", }, { name: "RHSA-2024:4823", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4823", }, { name: "RHSA-2024:4831", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4831", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-5633", }, { name: "RHBZ#2245663", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245663", }, ], timeline: [ { lang: "en", time: "2023-10-23T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-09-28T00:00:00+00:00", value: "Made public.", }, ], title: "Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling", workarounds: [ { lang: "en", value: "This flaw can be mitigated by turning off 3D acceleration in VMware (if possible) or preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.", }, ], x_redhatCweChain: "CWE-911->CWE-416: Improper Update of Reference Count leads to Use After Free", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-5633", datePublished: "2023-10-23T21:58:59.776Z", dateReserved: "2023-10-18T08:39:18.720Z", dateUpdated: "2024-11-15T15:10:20.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4806
Vulnerability from cvelistv5
Published
2023-09-18 16:33
Modified
2024-11-15 20:21
Severity ?
EPSS score ?
Summary
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:5453 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:5455 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:7409 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-4806 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2237782 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:2.28-225.el8_8.6 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:38:00.704Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/03/4", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/03/5", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/03/6", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/03/8", }, { name: "RHSA-2023:5453", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:5453", }, { name: "RHSA-2023:5455", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:5455", }, { name: "RHSA-2023:7409", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7409", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-4806", }, { name: "RHBZ#2237782", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237782", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202310-03", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240125-0008/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.28-225.el8_8.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.28-225.el8_8.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::appstream", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.28-189.8.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.34-60.el9_2.7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.34-60.el9_2.7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::appstream", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.28-189.8.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "compat-glibc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "glibc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "affected", packageName: "compat-glibc", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "affected", packageName: "glibc", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by Siddhesh Poyarekar (Red Hat).", }, ], datePublic: "2023-09-12T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T20:21:06.890Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:5453", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:5453", }, { name: "RHSA-2023:5455", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:5455", }, { name: "RHSA-2023:7409", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7409", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-4806", }, { name: "RHBZ#2237782", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237782", }, ], timeline: [ { lang: "en", time: "2023-09-06T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-09-12T00:00:00+00:00", value: "Made public.", }, ], title: "Glibc: potential use-after-free in getaddrinfo()", x_redhatCweChain: "CWE-416: Use After Free", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-4806", datePublished: "2023-09-18T16:33:57.211Z", dateReserved: "2023-09-06T16:26:35.613Z", dateUpdated: "2024-11-15T20:21:06.890Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24809
Vulnerability from cvelistv5
Published
2024-04-16 19:56
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-24809", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-13T17:11:17.126824Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:15:55.584Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T04:20:50.442Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-29", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5209", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105242", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "net-snmp", repo: "https://github.com/net-snmp/net-snmp", vendor: "net-snmp", versions: [ { lessThan: "5.9.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.<br>", }, ], value: "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476 NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-16T19:56:07.108Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", }, { url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", }, { url: "https://security.gentoo.org/glsa/202210-29", }, { url: "https://www.debian.org/security/2022/dsa-5209", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105242", }, ], source: { discovery: "UNKNOWN", }, title: "net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-24809", datePublished: "2024-04-16T19:56:07.108Z", dateReserved: "2022-02-10T16:41:34.918Z", dateUpdated: "2024-08-03T04:20:50.442Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6470
Vulnerability from cvelistv5
Published
2019-11-01 22:15
Modified
2024-09-17 01:25
Severity ?
EPSS score ?
Summary
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:2060 | x_refsource_CONFIRM | |
| https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html | x_refsource_CONFIRM | |
| https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html | x_refsource_CONFIRM | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2019:3525 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Multiple, non-ISC | dhcpd |
Version: builds not wholly from ISC source < 4.4.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:23:21.296Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2060", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122", }, { name: "RHSA-2019:3525", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3525", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "dhcpd", vendor: "Multiple, non-ISC", versions: [ { status: "affected", version: "builds not wholly from ISC source < 4.4.1", }, ], }, ], datePublic: "2019-05-11T00:00:00", descriptions: [ { lang: "en", value: "There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "A use-after-free error in DHCPv6 processing when interfacing with newer BIND libraries leads to frequent crashes", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-06T00:08:09", orgId: "404fd4d2-a609-4245-b543-2c944a302a22", shortName: "isc", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/errata/RHSA-2019:2060", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122", }, { name: "RHSA-2019:3525", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3525", }, ], source: { discovery: "USER", }, title: "dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries", x_generator: { engine: "Vulnogram 0.0.8", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-officer@isc.org", DATE_PUBLIC: "2019-05-11T12:00:00.000Z", ID: "CVE-2019-6470", STATE: "PUBLIC", TITLE: "dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "dhcpd", version: { version_data: [ { version_name: "builds not wholly from ISC source", version_value: "< 4.4.1", }, ], }, }, ], }, vendor_name: "Multiple, non-ISC", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.", }, ], }, generator: { engine: "Vulnogram 0.0.8", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "A use-after-free error in DHCPv6 processing when interfacing with newer BIND libraries leads to frequent crashes", }, ], }, ], }, references: { reference_data: [ { name: "https://access.redhat.com/errata/RHSA-2019:2060", refsource: "CONFIRM", url: "https://access.redhat.com/errata/RHSA-2019:2060", }, { name: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html", refsource: "CONFIRM", url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html", }, { name: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html", refsource: "CONFIRM", url: "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html", }, { name: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122", refsource: "CONFIRM", url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122", }, { name: "RHSA-2019:3525", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3525", }, ], }, source: { discovery: "USER", }, }, }, }, cveMetadata: { assignerOrgId: "404fd4d2-a609-4245-b543-2c944a302a22", assignerShortName: "isc", cveId: "CVE-2019-6470", datePublished: "2019-11-01T22:15:33.599863Z", dateReserved: "2019-01-16T00:00:00", dateUpdated: "2024-09-17T01:25:37.218Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3899
Vulnerability from cvelistv5
Published
2023-08-23 10:49
Modified
2025-02-27 21:03
Severity ?
EPSS score ?
Summary
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:4701 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:4702 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:4703 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:4704 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:4705 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:4706 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:4707 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:4708 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-3899 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2225407 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 7 |
Unaffected: 0:1.24.52-2.el7_9 < * cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::computenode cpe:/o:redhat:enterprise_linux:7::workstation cpe:/o:redhat:enterprise_linux:7::client |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:08:50.678Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:4701", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:4701", }, { name: "RHSA-2023:4702", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:4702", }, { name: "RHSA-2023:4703", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:4703", }, { name: "RHSA-2023:4704", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:4704", }, { name: "RHSA-2023:4705", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:4705", }, { name: "RHSA-2023:4706", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:4706", }, { name: "RHSA-2023:4707", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:4707", }, { name: "RHSA-2023:4708", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:4708", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-3899", }, { name: "RHBZ#2225407", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2225407", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJHKSBBZRDFOBNDU35FUKMYQIQYT6UJQ/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDIHGNLS3TZVX7X2F735OKI4KXPY4AH6/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3899", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:53:14.956665Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:03:43.447Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", ], defaultStatus: "affected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.24.52-2.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.28.36-3.el8_8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.28.36-3.el8_8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.1::appstream", "cpe:/o:redhat:rhel_e4s:8.1::baseos", ], defaultStatus: "affected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.25.17.1-2.el8_1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/o:redhat:rhel_tus:8.2::baseos", ], defaultStatus: "affected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.26.22-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/o:redhat:rhel_tus:8.2::baseos", ], defaultStatus: "affected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.26.22-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/o:redhat:rhel_tus:8.2::baseos", ], defaultStatus: "affected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.26.22-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", ], defaultStatus: "affected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.28.13-7.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", ], defaultStatus: "affected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.28.13-7.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", ], defaultStatus: "affected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.28.13-7.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", "cpe:/o:redhat:rhel_eus:8.6::baseos", ], defaultStatus: "affected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.28.29.1-2.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.29.33.1-2.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.0::baseos", ], defaultStatus: "affected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.29.26.2-2.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unaffected", packageName: "subscription-manager", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by Thibault Guittet (Senior Product Security Engineer, Red Hat).", }, ], datePublic: "2023-08-22T14:00:00.000Z", descriptions: [ { lang: "en", value: "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "Improper Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-23T00:07:47.908Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:4701", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:4701", }, { name: "RHSA-2023:4702", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:4702", }, { name: "RHSA-2023:4703", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:4703", }, { name: "RHSA-2023:4704", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:4704", }, { name: "RHSA-2023:4705", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:4705", }, { name: "RHSA-2023:4706", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:4706", }, { name: "RHSA-2023:4707", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:4707", }, { name: "RHSA-2023:4708", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:4708", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-3899", }, { name: "RHBZ#2225407", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2225407", }, ], timeline: [ { lang: "en", time: "2023-07-25T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-08-22T14:00:00+00:00", value: "Made public.", }, ], title: "Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration", workarounds: [ { lang: "en", value: "A workaround is to mask rhsm.service using: \n\n~~~\nsystemctl mask rhsm.service\n~~~\n\nWhen the rhsm.service is masked, then no D-Bus call cannot trigger the service and all D-Bus calls will be terminated with error: \"Call failed: Could not activate remote peer.\" But then all applications using D-Bus API will not work until you unmask the service using: \"systemctl unmask rhsm.service\"", }, ], x_redhatCweChain: "CWE-285: Improper Authorization", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-3899", datePublished: "2023-08-23T10:49:11.684Z", dateReserved: "2023-07-25T10:15:36.274Z", dateUpdated: "2025-02-27T21:03:43.447Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }