LAYER: meta PACKAGE NAME: nettle PACKAGE VERSION: 3.9.1 CVE: CVE-2015-8803 CVE STATUS: Patched CVE SUMMARY: The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8803 LAYER: meta PACKAGE NAME: nettle PACKAGE VERSION: 3.9.1 CVE: CVE-2015-8804 CVE STATUS: Patched CVE SUMMARY: x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8804 LAYER: meta PACKAGE NAME: nettle PACKAGE VERSION: 3.9.1 CVE: CVE-2015-8805 CVE STATUS: Patched CVE SUMMARY: The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8805 LAYER: meta PACKAGE NAME: nettle PACKAGE VERSION: 3.9.1 CVE: CVE-2016-6489 CVE STATUS: Patched CVE SUMMARY: The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6489 LAYER: meta PACKAGE NAME: nettle PACKAGE VERSION: 3.9.1 CVE: CVE-2018-16869 CVE STATUS: Patched CVE SUMMARY: A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16869 LAYER: meta PACKAGE NAME: nettle PACKAGE VERSION: 3.9.1 CVE: CVE-2021-20305 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20305 LAYER: meta PACKAGE NAME: nettle PACKAGE VERSION: 3.9.1 CVE: CVE-2021-3580 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3580 LAYER: meta PACKAGE NAME: nettle PACKAGE VERSION: 3.9.1 CVE: CVE-2023-36660 CVE STATUS: Patched CVE SUMMARY: The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-36660 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2006-2288 CVE STATUS: Patched CVE SUMMARY: Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2288 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2006-2289 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2289 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2006-5461 CVE STATUS: Patched CVE SUMMARY: Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5461 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2006-6870 CVE STATUS: Patched CVE SUMMARY: The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6870 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2007-3372 CVE STATUS: Patched CVE SUMMARY: The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3372 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2008-5081 CVE STATUS: Patched CVE SUMMARY: The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5081 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2010-2244 CVE STATUS: Patched CVE SUMMARY: The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2244 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2011-1002 CVE STATUS: Patched CVE SUMMARY: avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1002 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2017-6519 CVE STATUS: Patched CVE SUMMARY: avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6519 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2021-26720 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only affects Debian/SUSE CVE SUMMARY: avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-26720 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2021-3468 CVE STATUS: Patched CVE SUMMARY: A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3468 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2021-3502 CVE STATUS: Patched CVE SUMMARY: A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3502 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2023-1981 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1981 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2023-38469 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38469 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2023-38470 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38470 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2023-38471 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38471 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2023-38472 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38472 LAYER: meta PACKAGE NAME: avahi PACKAGE VERSION: 0.8 CVE: CVE-2023-38473 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38473 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2004-1484 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1484 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2010-2799 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2799 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2012-0219 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0219 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2013-3571 CVE STATUS: Patched CVE SUMMARY: socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3571 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2014-0019 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0019 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2015-1379 CVE STATUS: Patched CVE SUMMARY: The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1379 LAYER: meta PACKAGE NAME: socat PACKAGE VERSION: 1.8.0.0 CVE: CVE-2016-2217 CVE STATUS: Patched CVE SUMMARY: The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2217 LAYER: meta PACKAGE NAME: gmp PACKAGE VERSION: 6.3.0 CVE: CVE-2021-43618 CVE STATUS: Patched CVE SUMMARY: GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43618 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0691 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0691 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0692 CVE STATUS: Patched CVE SUMMARY: The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0692 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0693 CVE STATUS: Patched CVE SUMMARY: The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0693 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2005-0627 CVE STATUS: Patched CVE SUMMARY: Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0627 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2006-4811 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4811 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-0242 CVE STATUS: Patched CVE SUMMARY: The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0242 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-3388 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3388 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-4137 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4137 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2009-2700 CVE STATUS: Patched CVE SUMMARY: src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2700 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-1766 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1766 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-2621 CVE STATUS: Patched CVE SUMMARY: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2621 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-5076 CVE STATUS: Patched CVE SUMMARY: QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5076 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3193 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3194 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3194 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-5624 CVE STATUS: Patched CVE SUMMARY: The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5624 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-6093 CVE STATUS: Patched CVE SUMMARY: The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6093 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-0254 CVE STATUS: Patched CVE SUMMARY: The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0254 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-4549 CVE STATUS: Patched CVE SUMMARY: QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4549 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2014-0190 CVE STATUS: Patched CVE SUMMARY: The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0190 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-0295 CVE STATUS: Patched CVE SUMMARY: The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0295 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1290 CVE STATUS: Patched CVE SUMMARY: The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1290 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1858 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1858 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1859 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1859 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1860 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1860 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-7298 CVE STATUS: Patched CVE SUMMARY: ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7298 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-9541 CVE STATUS: Patched CVE SUMMARY: Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9541 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10904 CVE STATUS: Patched CVE SUMMARY: Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10904 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10905 CVE STATUS: Patched CVE SUMMARY: A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10905 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-15011 CVE STATUS: Patched CVE SUMMARY: The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15011 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-15518 CVE STATUS: Patched CVE SUMMARY: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15518 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19865 CVE STATUS: Patched CVE SUMMARY: A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19865 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19869 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19869 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19870 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19870 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19871 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19871 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19872 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19872 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19873 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19873 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-21035 CVE STATUS: Patched CVE SUMMARY: In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-21035 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0569 CVE STATUS: Patched CVE SUMMARY: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0569 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0570 CVE STATUS: Patched CVE SUMMARY: Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0570 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-12267 CVE STATUS: Patched CVE SUMMARY: setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12267 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-13962 CVE STATUS: Patched CVE SUMMARY: Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13962 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-17507 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17507 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-24742 CVE STATUS: Patched CVE SUMMARY: An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24742 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-28025 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28025 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-3481 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3481 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-38593 CVE STATUS: Patched CVE SUMMARY: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38593 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25255 CVE STATUS: Patched CVE SUMMARY: In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25255 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25634 CVE STATUS: Patched CVE SUMMARY: Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25634 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-40983 CVE STATUS: Patched CVE SUMMARY: An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40983 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-43591 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43591 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-24607 CVE STATUS: Patched CVE SUMMARY: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24607 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32573 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32762 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32763 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-33285 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33285 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34410 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37369 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38197 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43114 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51714 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-39936 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2002-1119 CVE STATUS: Patched CVE SUMMARY: os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1119 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2004-0150 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0150 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2005-0089 CVE STATUS: Patched CVE SUMMARY: The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0089 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2006-1542 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1542 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2006-4980 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4980 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2007-1657 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1657 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2007-2052 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2052 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2007-4559 CVE STATUS: Ignored CVE DETAIL: disputed CVE DESCRIPTION: Upstream consider this expected behaviour CVE SUMMARY: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4559 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2007-4965 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4965 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2008-1679 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1679 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2008-1721 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1721 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2008-1887 CVE STATUS: Patched CVE SUMMARY: Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1887 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2008-2315 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2315 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2008-2316 CVE STATUS: Patched CVE SUMMARY: Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2316 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2008-3142 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3142 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2008-3143 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3143 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2008-3144 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3144 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2008-4108 CVE STATUS: Patched CVE SUMMARY: Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4108 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2008-4864 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4864 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2008-5031 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5031 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2008-5983 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5983 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2009-4134 CVE STATUS: Patched CVE SUMMARY: Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4134 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2010-1449 CVE STATUS: Patched CVE SUMMARY: Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1449 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2010-1450 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1450 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2010-1634 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1634 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2010-2089 CVE STATUS: Patched CVE SUMMARY: The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2089 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2010-3492 CVE STATUS: Patched CVE SUMMARY: The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3492 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2010-3493 CVE STATUS: Patched CVE SUMMARY: Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3493 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2011-1015 CVE STATUS: Patched CVE SUMMARY: The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1015 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2011-1521 CVE STATUS: Patched CVE SUMMARY: The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1521 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2011-4940 CVE STATUS: Patched CVE SUMMARY: The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4940 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2011-4944 CVE STATUS: Patched CVE SUMMARY: Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4944 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2012-0845 CVE STATUS: Patched CVE SUMMARY: SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0845 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2012-0876 CVE STATUS: Patched CVE SUMMARY: The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0876 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2012-1150 CVE STATUS: Patched CVE SUMMARY: Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1150 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2012-2135 CVE STATUS: Patched CVE SUMMARY: The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2135 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2013-0340 CVE STATUS: Patched CVE SUMMARY: expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0340 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2013-1753 CVE STATUS: Patched CVE SUMMARY: The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1753 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2013-2099 CVE STATUS: Patched CVE SUMMARY: Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2099 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2013-4238 CVE STATUS: Patched CVE SUMMARY: The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4238 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2013-7040 CVE STATUS: Patched CVE SUMMARY: Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7040 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2013-7338 CVE STATUS: Patched CVE SUMMARY: Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7338 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2013-7440 CVE STATUS: Patched CVE SUMMARY: The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7440 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2014-0224 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0224 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2014-1912 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1912 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2014-2667 CVE STATUS: Patched CVE SUMMARY: Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2667 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2014-4616 CVE STATUS: Patched CVE SUMMARY: Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4616 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2014-4650 CVE STATUS: Patched CVE SUMMARY: The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4650 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2014-7185 CVE STATUS: Patched CVE SUMMARY: Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7185 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2014-9365 CVE STATUS: Patched CVE SUMMARY: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9365 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2015-1283 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1283 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2015-20107 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: The mailcap module is insecure by design, so this can't be fixed in a meaningful way CVE SUMMARY: In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 CVSS v2 BASE SCORE: 8.0 CVSS v3 BASE SCORE: 7.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:C/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-20107 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2015-5652 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point." CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5652 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2016-0718 CVE STATUS: Patched CVE SUMMARY: Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0718 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2016-0772 CVE STATUS: Patched CVE SUMMARY: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0772 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2016-1000110 CVE STATUS: Patched CVE SUMMARY: The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1000110 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2016-2183 CVE STATUS: Patched CVE SUMMARY: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2183 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2016-3189 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3189 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2016-4472 CVE STATUS: Patched CVE SUMMARY: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4472 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2016-5636 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5636 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2016-5699 CVE STATUS: Patched CVE SUMMARY: CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5699 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2016-9063 CVE STATUS: Patched CVE SUMMARY: An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9063 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2017-1000158 CVE STATUS: Patched CVE SUMMARY: CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000158 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2017-17522 CVE STATUS: Patched CVE SUMMARY: Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17522 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2017-18207 CVE STATUS: Patched CVE SUMMARY: The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18207 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2017-20052 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-20052 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2017-9233 CVE STATUS: Patched CVE SUMMARY: XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9233 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2018-1000030 CVE STATUS: Patched CVE SUMMARY: Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 3.6 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000030 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2018-1000117 CVE STATUS: Patched CVE SUMMARY: Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000117 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2018-1000802 CVE STATUS: Patched CVE SUMMARY: Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000802 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2018-1060 CVE STATUS: Patched CVE SUMMARY: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1060 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2018-1061 CVE STATUS: Patched CVE SUMMARY: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1061 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2018-14647 CVE STATUS: Patched CVE SUMMARY: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14647 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2018-20406 CVE STATUS: Patched CVE SUMMARY: Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20406 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2018-20852 CVE STATUS: Patched CVE SUMMARY: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20852 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2018-25032 CVE STATUS: Patched CVE SUMMARY: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25032 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-10160 CVE STATUS: Patched CVE SUMMARY: A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10160 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-12900 CVE STATUS: Patched CVE SUMMARY: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12900 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-13404 CVE STATUS: Patched CVE SUMMARY: The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13404 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-15903 CVE STATUS: Patched CVE SUMMARY: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15903 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-16056 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16056 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-16935 CVE STATUS: Patched CVE SUMMARY: The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16935 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-17514 CVE STATUS: Patched CVE SUMMARY: library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17514 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-18348 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: This is not exploitable when glibc has CVE-2016-10739 fixed CVE SUMMARY: An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18348 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-20907 CVE STATUS: Patched CVE SUMMARY: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20907 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-5010 CVE STATUS: Patched CVE SUMMARY: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5010 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-9636 CVE STATUS: Patched CVE SUMMARY: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9636 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-9674 CVE STATUS: Patched CVE SUMMARY: Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9674 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-9740 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9740 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-9947 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9947 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2019-9948 CVE STATUS: Patched CVE SUMMARY: urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9948 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2020-10735 CVE STATUS: Patched CVE SUMMARY: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10735 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2020-14422 CVE STATUS: Patched CVE SUMMARY: Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14422 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2020-15523 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only applies on Windows CVE SUMMARY: In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15523 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2020-15801 CVE STATUS: Patched CVE SUMMARY: In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The ._pth file (e.g., the python._pth file) is not affected. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15801 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2020-26116 CVE STATUS: Patched CVE SUMMARY: http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 7.2 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26116 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2020-27619 CVE STATUS: Patched CVE SUMMARY: In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27619 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2020-8315 CVE STATUS: Patched CVE SUMMARY: In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8315 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2020-8492 CVE STATUS: Patched CVE SUMMARY: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8492 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2021-23336 CVE STATUS: Patched CVE SUMMARY: The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23336 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2021-28861 CVE STATUS: Patched CVE SUMMARY: Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28861 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2021-29921 CVE STATUS: Patched CVE SUMMARY: In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29921 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2021-3177 CVE STATUS: Patched CVE SUMMARY: Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3177 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2021-3426 CVE STATUS: Patched CVE SUMMARY: There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3426 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2021-3733 CVE STATUS: Patched CVE SUMMARY: There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3733 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2021-3737 CVE STATUS: Patched CVE SUMMARY: A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3737 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2021-4189 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4189 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2022-0391 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0391 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2022-26488 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only applies on Windows CVE SUMMARY: In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-26488 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2022-37454 CVE STATUS: Patched CVE SUMMARY: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-37454 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2022-42919 CVE STATUS: Patched CVE SUMMARY: Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42919 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2022-45061 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-45061 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2022-48560 CVE STATUS: Patched CVE SUMMARY: A use-after-free exists in Python through 3.9 via heappushpop in heapq. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48560 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2022-48564 CVE STATUS: Patched CVE SUMMARY: read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48564 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2022-48565 CVE STATUS: Patched CVE SUMMARY: An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48565 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2022-48566 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48566 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2023-24329 CVE STATUS: Patched CVE SUMMARY: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24329 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2023-27043 CVE STATUS: Patched CVE SUMMARY: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-27043 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2023-33595 CVE STATUS: Patched CVE SUMMARY: CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33595 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2023-36632 CVE STATUS: Ignored CVE DETAIL: disputed CVE DESCRIPTION: Not an issue, in fact expected behaviour CVE SUMMARY: The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-36632 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2023-38898 CVE STATUS: Patched CVE SUMMARY: An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38898 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2023-40217 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40217 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2023-41105 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-41105 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2023-6507 CVE STATUS: Patched CVE SUMMARY: An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6507 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2024-6232 CVE STATUS: Unpatched CVE SUMMARY: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-6232 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.12.4 CVE: CVE-2024-7592 CVE STATUS: Unpatched CVE SUMMARY: There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-7592 LAYER: meta PACKAGE NAME: iptables PACKAGE VERSION: 1.8.10 CVE: CVE-2001-1387 CVE STATUS: Patched CVE SUMMARY: iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1387 LAYER: meta PACKAGE NAME: iptables PACKAGE VERSION: 1.8.10 CVE: CVE-2001-1388 CVE STATUS: Patched CVE SUMMARY: iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1388 LAYER: meta PACKAGE NAME: iptables PACKAGE VERSION: 1.8.10 CVE: CVE-2012-2663 CVE STATUS: Patched CVE SUMMARY: extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2663 LAYER: meta PACKAGE NAME: iptables PACKAGE VERSION: 1.8.10 CVE: CVE-2019-11360 CVE STATUS: Patched CVE SUMMARY: A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.2 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11360 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2014-0172 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0172 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2014-9447 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9447 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2016-10254 CVE STATUS: Patched CVE SUMMARY: The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10254 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2016-10255 CVE STATUS: Patched CVE SUMMARY: The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10255 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2017-7607 CVE STATUS: Patched CVE SUMMARY: The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7607 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2017-7608 CVE STATUS: Patched CVE SUMMARY: The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7608 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2017-7609 CVE STATUS: Patched CVE SUMMARY: elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7609 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2017-7610 CVE STATUS: Patched CVE SUMMARY: The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7610 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2017-7611 CVE STATUS: Patched CVE SUMMARY: The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7611 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2017-7612 CVE STATUS: Patched CVE SUMMARY: The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7612 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2017-7613 CVE STATUS: Patched CVE SUMMARY: elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7613 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2018-16062 CVE STATUS: Patched CVE SUMMARY: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16062 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2018-16402 CVE STATUS: Patched CVE SUMMARY: libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16402 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2018-16403 CVE STATUS: Patched CVE SUMMARY: libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16403 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2018-18310 CVE STATUS: Patched CVE SUMMARY: An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18310 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2018-18520 CVE STATUS: Patched CVE SUMMARY: An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18520 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2018-18521 CVE STATUS: Patched CVE SUMMARY: Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18521 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2018-8769 CVE STATUS: Patched CVE SUMMARY: elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8769 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2019-7146 CVE STATUS: Patched CVE SUMMARY: In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7146 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2019-7148 CVE STATUS: Patched CVE SUMMARY: An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7148 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2019-7149 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7149 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2019-7150 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7150 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2019-7664 CVE STATUS: Patched CVE SUMMARY: In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7664 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2019-7665 CVE STATUS: Patched CVE SUMMARY: In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7665 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2020-21047 CVE STATUS: Patched CVE SUMMARY: The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21047 LAYER: meta PACKAGE NAME: elfutils PACKAGE VERSION: 0.191 CVE: CVE-2021-33294 CVE STATUS: Patched CVE SUMMARY: In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33294 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2012-2320 CVE STATUS: Patched CVE SUMMARY: ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted netlink message. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2320 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2012-2321 CVE STATUS: Patched CVE SUMMARY: The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2321 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2012-2322 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value in a DHCP packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2322 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2012-6459 CVE STATUS: Patched CVE SUMMARY: ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6459 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2017-12865 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12865 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2021-26675 CVE STATUS: Patched CVE SUMMARY: A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.8 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-26675 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2021-26676 CVE STATUS: Patched CVE SUMMARY: gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-26676 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2021-33833 CVE STATUS: Patched CVE SUMMARY: ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33833 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2022-23096 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23096 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2022-23097 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23097 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2022-23098 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23098 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2022-32292 CVE STATUS: Patched CVE SUMMARY: In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32292 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2022-32293 CVE STATUS: Patched CVE SUMMARY: In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32293 LAYER: meta PACKAGE NAME: connman PACKAGE VERSION: 1.42 CVE: CVE-2023-28488 CVE STATUS: Patched CVE SUMMARY: client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: ADJACENT_NETWORK VECTORSTRING: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28488 LAYER: meta PACKAGE NAME: libsamplerate0 PACKAGE VERSION: 0.2.2 CVE: CVE-2017-7697 CVE STATUS: Patched CVE SUMMARY: In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7697 LAYER: meta PACKAGE NAME: libidn2 PACKAGE VERSION: 2.3.7 CVE: CVE-2017-14061 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14061 LAYER: meta PACKAGE NAME: libidn2 PACKAGE VERSION: 2.3.7 CVE: CVE-2017-14062 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14062 LAYER: meta PACKAGE NAME: libidn2 PACKAGE VERSION: 2.3.7 CVE: CVE-2019-12290 CVE STATUS: Patched CVE SUMMARY: GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12290 LAYER: meta PACKAGE NAME: libidn2 PACKAGE VERSION: 2.3.7 CVE: CVE-2019-18224 CVE STATUS: Patched CVE SUMMARY: idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18224 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2008-0595 CVE STATUS: Patched CVE SUMMARY: dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0595 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2008-3834 CVE STATUS: Patched CVE SUMMARY: The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3834 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2008-4311 CVE STATUS: Patched CVE SUMMARY: The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4311 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2009-1189 CVE STATUS: Patched CVE SUMMARY: The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1189 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2010-4352 CVE STATUS: Patched CVE SUMMARY: Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4352 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2011-2200 CVE STATUS: Patched CVE SUMMARY: The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2200 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2011-2533 CVE STATUS: Patched CVE SUMMARY: The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2533 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2012-3524 CVE STATUS: Patched CVE SUMMARY: libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus." CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3524 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2013-2168 CVE STATUS: Patched CVE SUMMARY: The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2168 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3477 CVE STATUS: Patched CVE SUMMARY: The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3477 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3532 CVE STATUS: Patched CVE SUMMARY: dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3532 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3533 CVE STATUS: Patched CVE SUMMARY: dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3533 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3635 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3635 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3636 CVE STATUS: Patched CVE SUMMARY: D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3636 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3637 CVE STATUS: Patched CVE SUMMARY: D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3637 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3638 CVE STATUS: Patched CVE SUMMARY: The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3638 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-3639 CVE STATUS: Patched CVE SUMMARY: The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3639 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2014-7824 CVE STATUS: Patched CVE SUMMARY: D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7824 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2015-0245 CVE STATUS: Patched CVE SUMMARY: D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0245 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2019-12749 CVE STATUS: Patched CVE SUMMARY: dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 7.1 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12749 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2020-12049 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12049 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2020-35512 CVE STATUS: Patched CVE SUMMARY: A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35512 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2022-42010 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42010 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2022-42011 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42011 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2022-42012 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42012 LAYER: meta PACKAGE NAME: dbus PACKAGE VERSION: 1.14.10 CVE: CVE-2023-34969 CVE STATUS: Patched CVE SUMMARY: D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34969 LAYER: meta PACKAGE NAME: grep PACKAGE VERSION: 3.11 CVE: CVE-2012-5667 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5667 LAYER: meta PACKAGE NAME: grep PACKAGE VERSION: 3.11 CVE: CVE-2015-1345 CVE STATUS: Patched CVE SUMMARY: The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1345 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2012-2806 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2806 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2013-6629 CVE STATUS: Patched CVE SUMMARY: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6629 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2014-9092 CVE STATUS: Patched CVE SUMMARY: libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9092 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2016-3616 CVE STATUS: Patched CVE SUMMARY: The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3616 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2017-15232 CVE STATUS: Patched CVE SUMMARY: libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15232 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2017-9614 CVE STATUS: Patched CVE SUMMARY: The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9614 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2018-1152 CVE STATUS: Patched CVE SUMMARY: libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1152 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2018-14498 CVE STATUS: Patched CVE SUMMARY: get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14498 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2018-19664 CVE STATUS: Patched CVE SUMMARY: libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19664 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2018-20330 CVE STATUS: Patched CVE SUMMARY: The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20330 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2019-13960 CVE STATUS: Patched CVE SUMMARY: In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13960 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2020-13790 CVE STATUS: Patched CVE SUMMARY: libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13790 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2020-17541 CVE STATUS: Patched CVE SUMMARY: Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17541 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2020-35538 CVE STATUS: Patched CVE SUMMARY: A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35538 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2021-20205 CVE STATUS: Patched CVE SUMMARY: Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20205 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2021-29390 CVE STATUS: Patched CVE SUMMARY: libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29390 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2021-46822 CVE STATUS: Patched CVE SUMMARY: The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46822 LAYER: meta PACKAGE NAME: libjpeg-turbo PACKAGE VERSION: 1_3.0.1 CVE: CVE-2023-2804 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2804 LAYER: meta-selinux PACKAGE NAME: libsepol PACKAGE VERSION: 3.6 CVE: CVE-2020-10751 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 6.1 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10751 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-1999-0491 CVE STATUS: Patched CVE SUMMARY: The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0491 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-1999-1383 CVE STATUS: Patched CVE SUMMARY: (1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1383 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2010-0002 CVE STATUS: Patched CVE SUMMARY: The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0002 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2012-3410 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3410 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2012-6711 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv(). CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6711 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2014-6271 CVE STATUS: Patched CVE SUMMARY: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6271 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2014-6277 CVE STATUS: Patched CVE SUMMARY: GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6277 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2014-6278 CVE STATUS: Patched CVE SUMMARY: GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6278 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2014-7169 CVE STATUS: Patched CVE SUMMARY: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7169 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2014-7186 CVE STATUS: Patched CVE SUMMARY: The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7186 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2014-7187 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7187 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2016-0634 CVE STATUS: Patched CVE SUMMARY: The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0634 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2016-7543 CVE STATUS: Patched CVE SUMMARY: Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 8.4 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7543 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2016-9401 CVE STATUS: Patched CVE SUMMARY: popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9401 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2017-5932 CVE STATUS: Patched CVE SUMMARY: The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5932 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2019-18276 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18276 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2019-9924 CVE STATUS: Patched CVE SUMMARY: rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9924 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.2.21 CVE: CVE-2022-3715 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3715 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2007-3152 CVE STATUS: Patched CVE SUMMARY: c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3152 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2007-3153 CVE STATUS: Patched CVE SUMMARY: The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3153 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2016-5180 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5180 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2017-1000381 CVE STATUS: Patched CVE SUMMARY: The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000381 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2020-14354 CVE STATUS: Patched CVE SUMMARY: A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14354 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2020-22217 CVE STATUS: Patched CVE SUMMARY: Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22217 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2020-8277 CVE STATUS: Patched CVE SUMMARY: A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8277 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2021-3672 CVE STATUS: Patched CVE SUMMARY: A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3672 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2022-4904 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4904 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2023-31124 CVE STATUS: Patched CVE SUMMARY: c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-31124 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2023-31130 CVE STATUS: Patched CVE SUMMARY: c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.4 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-31130 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2023-31147 CVE STATUS: Patched CVE SUMMARY: c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-31147 LAYER: meta-oe PACKAGE NAME: c-ares PACKAGE VERSION: 1.27.0 CVE: CVE-2023-32067 CVE STATUS: Patched CVE SUMMARY: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32067 LAYER: meta PACKAGE NAME: mesa PACKAGE VERSION: 2_24.0.7 CVE: CVE-2001-0474 CVE STATUS: Patched CVE SUMMARY: Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0474 LAYER: meta PACKAGE NAME: mesa PACKAGE VERSION: 2_24.0.7 CVE: CVE-2013-1872 CVE STATUS: Patched CVE SUMMARY: The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1872 LAYER: meta PACKAGE NAME: mesa PACKAGE VERSION: 2_24.0.7 CVE: CVE-2013-1993 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1993 LAYER: meta PACKAGE NAME: mesa PACKAGE VERSION: 2_24.0.7 CVE: CVE-2019-5068 CVE STATUS: Patched CVE SUMMARY: An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 5.1 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5068 LAYER: meta-oe PACKAGE NAME: udisks2 PACKAGE VERSION: 2.10.1 CVE: CVE-2010-1149 CVE STATUS: Patched CVE SUMMARY: probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1149 LAYER: meta-oe PACKAGE NAME: udisks2 PACKAGE VERSION: 2.10.1 CVE: CVE-2010-4661 CVE STATUS: Patched CVE SUMMARY: udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4661 LAYER: meta-oe PACKAGE NAME: udisks2 PACKAGE VERSION: 2.10.1 CVE: CVE-2014-0004 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0004 LAYER: meta-oe PACKAGE NAME: udisks2 PACKAGE VERSION: 2.10.1 CVE: CVE-2018-17336 CVE STATUS: Patched CVE SUMMARY: UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17336 LAYER: meta-oe PACKAGE NAME: udisks2 PACKAGE VERSION: 2.10.1 CVE: CVE-2021-3802 CVE STATUS: Patched CVE SUMMARY: A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 4.2 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3802 LAYER: meta PACKAGE NAME: libdnf PACKAGE VERSION: 0.73.1 CVE: CVE-2021-3445 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3445 LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2015-8947 CVE STATUS: Patched CVE SUMMARY: hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8947 LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2015-9274 CVE STATUS: Patched CVE SUMMARY: HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9274 LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2016-2052 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2052 LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2021-45931 CVE STATUS: Patched CVE SUMMARY: HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t::set and hb_set_copy). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45931 LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2022-33068 CVE STATUS: Patched CVE SUMMARY: An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-33068 LAYER: meta PACKAGE NAME: harfbuzz PACKAGE VERSION: 8.3.0 CVE: CVE-2023-25193 CVE STATUS: Patched CVE SUMMARY: hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25193 LAYER: meta-oe PACKAGE NAME: polkit PACKAGE VERSION: 124 CVE: CVE-2013-4288 CVE STATUS: Patched CVE SUMMARY: Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4288 LAYER: meta-oe PACKAGE NAME: polkit PACKAGE VERSION: 124 CVE: CVE-2015-3218 CVE STATUS: Patched CVE SUMMARY: The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3218 LAYER: meta-oe PACKAGE NAME: polkit PACKAGE VERSION: 124 CVE: CVE-2015-3255 CVE STATUS: Patched CVE SUMMARY: The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3255 LAYER: meta-oe PACKAGE NAME: polkit PACKAGE VERSION: 124 CVE: CVE-2015-3256 CVE STATUS: Patched CVE SUMMARY: PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation." CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3256 LAYER: meta-oe PACKAGE NAME: polkit PACKAGE VERSION: 124 CVE: CVE-2015-4625 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4625 LAYER: meta-oe PACKAGE NAME: polkit PACKAGE VERSION: 124 CVE: CVE-2016-2568 CVE STATUS: Unpatched CVE SUMMARY: pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2568 LAYER: meta-oe PACKAGE NAME: polkit PACKAGE VERSION: 124 CVE: CVE-2018-1116 CVE STATUS: Patched CVE SUMMARY: A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1116 LAYER: meta-oe PACKAGE NAME: polkit PACKAGE VERSION: 124 CVE: CVE-2018-19788 CVE STATUS: Patched CVE SUMMARY: A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19788 LAYER: meta-oe PACKAGE NAME: polkit PACKAGE VERSION: 124 CVE: CVE-2019-6133 CVE STATUS: Patched CVE SUMMARY: In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6133 LAYER: meta-oe PACKAGE NAME: polkit PACKAGE VERSION: 124 CVE: CVE-2021-3560 CVE STATUS: Patched CVE SUMMARY: It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3560 LAYER: meta-oe PACKAGE NAME: polkit PACKAGE VERSION: 124 CVE: CVE-2021-4034 CVE STATUS: Patched CVE SUMMARY: A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4034 LAYER: meta-oe PACKAGE NAME: polkit PACKAGE VERSION: 124 CVE: CVE-2021-4115 CVE STATUS: Patched CVE SUMMARY: There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4115 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2007-3641 CVE STATUS: Patched CVE SUMMARY: archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3641 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2007-3644 CVE STATUS: Patched CVE SUMMARY: archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3644 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2007-3645 CVE STATUS: Patched CVE SUMMARY: archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3645 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2010-4666 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4666 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2011-1777 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1777 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2011-1778 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1778 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2011-1779 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1779 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2013-0211 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0211 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-2304 CVE STATUS: Patched CVE SUMMARY: Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2304 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8915 CVE STATUS: Patched CVE SUMMARY: bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8915 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8916 CVE STATUS: Patched CVE SUMMARY: bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8916 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8917 CVE STATUS: Patched CVE SUMMARY: bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8917 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8918 CVE STATUS: Patched CVE SUMMARY: The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8918 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8919 CVE STATUS: Patched CVE SUMMARY: The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8919 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8920 CVE STATUS: Patched CVE SUMMARY: The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8920 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8921 CVE STATUS: Patched CVE SUMMARY: The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8921 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8922 CVE STATUS: Patched CVE SUMMARY: The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8922 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8923 CVE STATUS: Patched CVE SUMMARY: The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8923 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8924 CVE STATUS: Patched CVE SUMMARY: The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8924 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8925 CVE STATUS: Patched CVE SUMMARY: The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8925 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8926 CVE STATUS: Patched CVE SUMMARY: The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8926 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8927 CVE STATUS: Patched CVE SUMMARY: The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8927 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8928 CVE STATUS: Patched CVE SUMMARY: The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8928 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8929 CVE STATUS: Patched CVE SUMMARY: Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8929 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8930 CVE STATUS: Patched CVE SUMMARY: bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8930 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8931 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8931 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8932 CVE STATUS: Patched CVE SUMMARY: The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8932 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8933 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8933 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8934 CVE STATUS: Patched CVE SUMMARY: The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8934 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-10209 CVE STATUS: Patched CVE SUMMARY: The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10209 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-10349 CVE STATUS: Patched CVE SUMMARY: The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10349 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-10350 CVE STATUS: Patched CVE SUMMARY: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10350 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-1541 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1541 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-4300 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4300 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-4301 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4301 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-4302 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4302 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-4809 CVE STATUS: Patched CVE SUMMARY: The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4809 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-5418 CVE STATUS: Patched CVE SUMMARY: The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5418 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-5844 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5844 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-6250 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6250 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-7166 CVE STATUS: Patched CVE SUMMARY: libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7166 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-8687 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8687 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-8688 CVE STATUS: Patched CVE SUMMARY: The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8688 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2016-8689 CVE STATUS: Patched CVE SUMMARY: The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8689 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2017-14166 CVE STATUS: Patched CVE SUMMARY: libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14166 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2017-14501 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14501 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2017-14502 CVE STATUS: Patched CVE SUMMARY: read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14502 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2017-14503 CVE STATUS: Patched CVE SUMMARY: libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14503 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2017-5601 CVE STATUS: Patched CVE SUMMARY: An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5601 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2018-1000877 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000877 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2018-1000878 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000878 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2018-1000879 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2018-1000880 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2019-1000019 CVE STATUS: Patched CVE SUMMARY: libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1000019 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2019-1000020 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1000020 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2019-11463 CVE STATUS: Patched CVE SUMMARY: A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11463 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2019-18408 CVE STATUS: Patched CVE SUMMARY: archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18408 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2019-19221 CVE STATUS: Patched CVE SUMMARY: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19221 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2020-21674 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21674 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2020-9308 CVE STATUS: Patched CVE SUMMARY: archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9308 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2021-23177 CVE STATUS: Patched CVE SUMMARY: An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23177 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2021-31566 CVE STATUS: Patched CVE SUMMARY: An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-31566 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2021-36976 CVE STATUS: Patched CVE SUMMARY: libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-36976 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2022-26280 CVE STATUS: Patched CVE SUMMARY: Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-26280 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2022-36227 CVE STATUS: Patched CVE SUMMARY: In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution." CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-36227 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2023-30571 CVE STATUS: Ignored CVE DETAIL: upstream-wontfix CVE DESCRIPTION: upstream has documented that reported function is not thread-safe CVE SUMMARY: Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-30571 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2024-37407 CVE STATUS: Patched CVE SUMMARY: Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-37407 LAYER: meta PACKAGE NAME: libcap PACKAGE VERSION: 2.69 CVE: CVE-2011-4099 CVE STATUS: Patched CVE SUMMARY: The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4099 LAYER: meta PACKAGE NAME: libcap PACKAGE VERSION: 2.69 CVE: CVE-2023-2602 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2602 LAYER: meta PACKAGE NAME: libcap PACKAGE VERSION: 2.69 CVE: CVE-2023-2603 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2603 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2008-4316 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4316 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2009-3289 CVE STATUS: Patched CVE SUMMARY: The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3289 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2012-0039 CVE STATUS: Patched CVE SUMMARY: GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0039 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2018-16428 CVE STATUS: Patched CVE SUMMARY: In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16428 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2018-16429 CVE STATUS: Patched CVE SUMMARY: GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16429 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2019-12450 CVE STATUS: Patched CVE SUMMARY: file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12450 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2019-13012 CVE STATUS: Patched CVE SUMMARY: The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13012 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2019-9633 CVE STATUS: Patched CVE SUMMARY: gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9633 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2020-35457 CVE STATUS: Patched CVE SUMMARY: GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35457 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2020-6750 CVE STATUS: Patched CVE SUMMARY: GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-6750 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2021-27218 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27218 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2021-27219 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27219 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2021-28153 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28153 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2021-3800 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3800 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-29499 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29499 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-32611 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32611 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-32636 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32636 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-32643 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32643 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.78.6 CVE: CVE-2023-32665 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32665 LAYER: meta PACKAGE NAME: wayland PACKAGE VERSION: 1.22.0 CVE: CVE-2021-3782 CVE STATUS: Patched CVE SUMMARY: An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.6 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3782 LAYER: meta PACKAGE NAME: python3-setuptools PACKAGE VERSION: 69.1.1 CVE: CVE-2013-1633 CVE STATUS: Patched CVE SUMMARY: easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1633 LAYER: meta PACKAGE NAME: python3-setuptools PACKAGE VERSION: 69.1.1 CVE: CVE-2022-40897 CVE STATUS: Patched CVE SUMMARY: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40897 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2012-4559 CVE STATUS: Patched CVE SUMMARY: Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4559 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2012-4560 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4560 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2012-4561 CVE STATUS: Patched CVE SUMMARY: The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service (crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4561 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2012-4562 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4562 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2012-6063 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6063 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2013-0176 CVE STATUS: Patched CVE SUMMARY: The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0176 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2014-0017 CVE STATUS: Patched CVE SUMMARY: The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0017 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2014-8132 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8132 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2015-3146 CVE STATUS: Patched CVE SUMMARY: The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3146 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2016-0739 CVE STATUS: Patched CVE SUMMARY: libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0739 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2018-10933 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10933 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2019-14889 CVE STATUS: Patched CVE SUMMARY: A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14889 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2020-16135 CVE STATUS: Patched CVE SUMMARY: libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-16135 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2020-1730 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-1730 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2021-3634 CVE STATUS: Patched CVE SUMMARY: A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3634 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2023-1667 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1667 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2023-2283 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2283 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2023-3603 CVE STATUS: Patched CVE SUMMARY: A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3603 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2023-48795 CVE STATUS: Patched CVE SUMMARY: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-48795 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2023-6004 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6004 LAYER: meta-oe PACKAGE NAME: libssh PACKAGE VERSION: 0.10.6 CVE: CVE-2023-6918 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6918 LAYER: meta PACKAGE NAME: libmicrohttpd PACKAGE VERSION: 1.0.1 CVE: CVE-2013-7038 CVE STATUS: Patched CVE SUMMARY: The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7038 LAYER: meta PACKAGE NAME: libmicrohttpd PACKAGE VERSION: 1.0.1 CVE: CVE-2013-7039 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7039 LAYER: meta PACKAGE NAME: libmicrohttpd PACKAGE VERSION: 1.0.1 CVE: CVE-2021-3466 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3466 LAYER: meta PACKAGE NAME: libmicrohttpd PACKAGE VERSION: 1.0.1 CVE: CVE-2023-27371 CVE STATUS: Patched CVE SUMMARY: GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-27371 LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2018-20532 CVE STATUS: Patched CVE SUMMARY: There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20532 LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2018-20533 CVE STATUS: Patched CVE SUMMARY: There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20533 LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2018-20534 CVE STATUS: Patched CVE SUMMARY: There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20534 LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2019-20387 CVE STATUS: Patched CVE SUMMARY: repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20387 LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2021-3200 CVE STATUS: Patched CVE SUMMARY: Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3200 LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2021-33928 CVE STATUS: Patched CVE SUMMARY: Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33928 LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2021-33929 CVE STATUS: Patched CVE SUMMARY: Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33929 LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2021-33930 CVE STATUS: Patched CVE SUMMARY: Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33930 LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2021-33938 CVE STATUS: Patched CVE SUMMARY: Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33938 LAYER: meta PACKAGE NAME: libsolv PACKAGE VERSION: 0.7.28 CVE: CVE-2021-44568 CVE STATUS: Patched CVE SUMMARY: Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-44568 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2009-3560 CVE STATUS: Patched CVE SUMMARY: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3560 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2009-3720 CVE STATUS: Patched CVE SUMMARY: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3720 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2012-0876 CVE STATUS: Patched CVE SUMMARY: The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0876 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2012-1147 CVE STATUS: Patched CVE SUMMARY: readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1147 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2012-1148 CVE STATUS: Patched CVE SUMMARY: Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1148 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2012-6702 CVE STATUS: Patched CVE SUMMARY: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6702 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2013-0340 CVE STATUS: Patched CVE SUMMARY: expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0340 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2015-1283 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1283 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2016-0718 CVE STATUS: Patched CVE SUMMARY: Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0718 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2016-4472 CVE STATUS: Patched CVE SUMMARY: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4472 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2016-5300 CVE STATUS: Patched CVE SUMMARY: The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5300 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2017-11742 CVE STATUS: Patched CVE SUMMARY: The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11742 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2017-9233 CVE STATUS: Patched CVE SUMMARY: XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9233 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2018-20843 CVE STATUS: Patched CVE SUMMARY: In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20843 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2019-15903 CVE STATUS: Patched CVE SUMMARY: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15903 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2021-45960 CVE STATUS: Patched CVE SUMMARY: In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45960 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2021-46143 CVE STATUS: Patched CVE SUMMARY: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46143 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-22822 CVE STATUS: Patched CVE SUMMARY: addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22822 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-22823 CVE STATUS: Patched CVE SUMMARY: build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22823 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-22824 CVE STATUS: Patched CVE SUMMARY: defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22824 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-22825 CVE STATUS: Patched CVE SUMMARY: lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22825 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-22826 CVE STATUS: Patched CVE SUMMARY: nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22826 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-22827 CVE STATUS: Patched CVE SUMMARY: storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22827 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-23852 CVE STATUS: Patched CVE SUMMARY: Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23852 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-23990 CVE STATUS: Patched CVE SUMMARY: Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23990 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-25235 CVE STATUS: Patched CVE SUMMARY: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25235 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-25236 CVE STATUS: Patched CVE SUMMARY: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25236 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-25313 CVE STATUS: Patched CVE SUMMARY: In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25313 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-25314 CVE STATUS: Patched CVE SUMMARY: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25314 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-25315 CVE STATUS: Patched CVE SUMMARY: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25315 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-40674 CVE STATUS: Patched CVE SUMMARY: libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40674 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2022-43680 CVE STATUS: Patched CVE SUMMARY: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43680 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2023-52425 CVE STATUS: Patched CVE SUMMARY: libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-52425 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2023-52426 CVE STATUS: Patched CVE SUMMARY: libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-52426 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2024-45490 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-45490 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2024-45491 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-45491 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.6.2 CVE: CVE-2024-45492 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-45492 LAYER: meta PACKAGE NAME: glib-networking PACKAGE VERSION: 2.78.1 CVE: CVE-2020-13645 CVE STATUS: Patched CVE SUMMARY: In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13645 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-1999-0199 CVE STATUS: Patched CVE SUMMARY: manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0199 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2000-0335 CVE STATUS: Patched CVE SUMMARY: The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0335 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2000-0824 CVE STATUS: Patched CVE SUMMARY: The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0824 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2000-0959 CVE STATUS: Patched CVE SUMMARY: glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0959 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2002-0684 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0684 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2002-1146 CVE STATUS: Patched CVE SUMMARY: The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1146 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2002-1265 CVE STATUS: Patched CVE SUMMARY: The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1265 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2003-0028 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0028 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2003-0859 CVE STATUS: Patched CVE SUMMARY: The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0859 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2004-0968 CVE STATUS: Patched CVE SUMMARY: The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0968 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2004-1382 CVE STATUS: Patched CVE SUMMARY: The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1382 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2004-1453 CVE STATUS: Patched CVE SUMMARY: GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1453 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2005-3590 CVE STATUS: Patched CVE SUMMARY: The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-3590 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2006-7254 CVE STATUS: Patched CVE SUMMARY: The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7254 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2007-3508 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3508 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2009-4880 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4880 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2009-4881 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4881 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2009-5029 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5029 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2009-5064 CVE STATUS: Patched CVE SUMMARY: ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5064 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2009-5155 CVE STATUS: Patched CVE SUMMARY: In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5155 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-0015 CVE STATUS: Patched CVE SUMMARY: nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0015 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-0296 CVE STATUS: Patched CVE SUMMARY: The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0296 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-0830 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0830 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-3192 CVE STATUS: Patched CVE SUMMARY: Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3192 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-3847 CVE STATUS: Patched CVE SUMMARY: elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3847 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-3856 CVE STATUS: Patched CVE SUMMARY: ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3856 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-4051 CVE STATUS: Patched CVE SUMMARY: The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4051 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-4052 CVE STATUS: Patched CVE SUMMARY: Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4052 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2010-4756 CVE STATUS: Unpatched CVE SUMMARY: The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4756 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-0536 CVE STATUS: Patched CVE SUMMARY: Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0536 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-1071 CVE STATUS: Patched CVE SUMMARY: The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1071 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-1089 CVE STATUS: Patched CVE SUMMARY: The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1089 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-1095 CVE STATUS: Patched CVE SUMMARY: locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1095 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-1658 CVE STATUS: Patched CVE SUMMARY: ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1658 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-1659 CVE STATUS: Patched CVE SUMMARY: Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1659 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-2702 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2702 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-4609 CVE STATUS: Patched CVE SUMMARY: The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4609 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2011-5320 CVE STATUS: Patched CVE SUMMARY: scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.2 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-5320 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-0864 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0864 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-3404 CVE STATUS: Patched CVE SUMMARY: The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3404 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-3405 CVE STATUS: Patched CVE SUMMARY: The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3405 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-3406 CVE STATUS: Patched CVE SUMMARY: The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3406 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-3480 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3480 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-4412 CVE STATUS: Patched CVE SUMMARY: Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4412 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-4424 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4424 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2012-6656 CVE STATUS: Patched CVE SUMMARY: iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6656 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-0242 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0242 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-1914 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1914 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-2207 CVE STATUS: Patched CVE SUMMARY: pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2207 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-4237 CVE STATUS: Patched CVE SUMMARY: sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4237 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-4332 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4332 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-4458 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4458 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-4788 CVE STATUS: Patched CVE SUMMARY: The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4788 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-7423 CVE STATUS: Patched CVE SUMMARY: The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7423 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2013-7424 CVE STATUS: Patched CVE SUMMARY: The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7424 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-0475 CVE STATUS: Patched CVE SUMMARY: Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0475 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-4043 CVE STATUS: Patched CVE SUMMARY: The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4043 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-5119 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5119 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-6040 CVE STATUS: Patched CVE SUMMARY: GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6040 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-7817 CVE STATUS: Patched CVE SUMMARY: The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7817 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-8121 CVE STATUS: Patched CVE SUMMARY: DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8121 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-9402 CVE STATUS: Patched CVE SUMMARY: The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9402 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-9761 CVE STATUS: Patched CVE SUMMARY: Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9761 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2014-9984 CVE STATUS: Patched CVE SUMMARY: nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9984 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-0235 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0235 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-1472 CVE STATUS: Patched CVE SUMMARY: The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1472 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-1473 CVE STATUS: Patched CVE SUMMARY: The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1473 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-1781 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1781 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-20109 CVE STATUS: Patched CVE SUMMARY: end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-20109 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-5180 CVE STATUS: Patched CVE SUMMARY: res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5180 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-5277 CVE STATUS: Patched CVE SUMMARY: The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5277 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-7547 CVE STATUS: Patched CVE SUMMARY: Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7547 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8776 CVE STATUS: Patched CVE SUMMARY: The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8776 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8777 CVE STATUS: Patched CVE SUMMARY: The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8777 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8778 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8778 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8779 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8779 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8982 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8982 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8983 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8983 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8984 CVE STATUS: Patched CVE SUMMARY: The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8984 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2015-8985 CVE STATUS: Patched CVE SUMMARY: The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8985 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2016-10228 CVE STATUS: Patched CVE SUMMARY: The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10228 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2016-10739 CVE STATUS: Patched CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10739 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2016-1234 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1234 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2016-3075 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3075 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2016-3706 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3706 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2016-4429 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4429 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2016-5417 CVE STATUS: Patched CVE SUMMARY: Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5417 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2016-6323 CVE STATUS: Patched CVE SUMMARY: The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6323 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2017-1000366 CVE STATUS: Patched CVE SUMMARY: glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000366 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2017-1000408 CVE STATUS: Patched CVE SUMMARY: A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000408 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2017-1000409 CVE STATUS: Patched CVE SUMMARY: A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000409 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2017-12132 CVE STATUS: Patched CVE SUMMARY: The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12132 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2017-12133 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12133 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2017-15670 CVE STATUS: Patched CVE SUMMARY: The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15670 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2017-15671 CVE STATUS: Patched CVE SUMMARY: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15671 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2017-15804 CVE STATUS: Patched CVE SUMMARY: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15804 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2017-16997 CVE STATUS: Patched CVE SUMMARY: elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16997 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2017-17426 CVE STATUS: Patched CVE SUMMARY: The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17426 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2017-18269 CVE STATUS: Patched CVE SUMMARY: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18269 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2017-8804 CVE STATUS: Patched CVE SUMMARY: The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8804 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2018-1000001 CVE STATUS: Patched CVE SUMMARY: In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000001 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2018-11236 CVE STATUS: Patched CVE SUMMARY: stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11236 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2018-11237 CVE STATUS: Patched CVE SUMMARY: An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11237 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2018-19591 CVE STATUS: Patched CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19591 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2018-20796 CVE STATUS: Patched CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20796 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2018-6485 CVE STATUS: Patched CVE SUMMARY: An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6485 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2018-6551 CVE STATUS: Patched CVE SUMMARY: The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6551 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2019-1010022 CVE STATUS: Ignored CVE DETAIL: disputed CVE DESCRIPTION: Upstream glibc maintainers dispute there is any issue and have no plans to address it further. this is being treated as a non-security bug and no real threat. CVE SUMMARY: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010022 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2019-1010023 CVE STATUS: Ignored CVE DETAIL: disputed CVE DESCRIPTION: Upstream glibc maintainers dispute there is any issue and have no plans to address it further. this is being treated as a non-security bug and no real threat. CVE SUMMARY: GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010023 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2019-1010024 CVE STATUS: Ignored CVE DETAIL: disputed CVE DESCRIPTION: Upstream glibc maintainers dispute there is any issue and have no plans to address it further. this is being treated as a non-security bug and no real threat. CVE SUMMARY: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010024 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2019-1010025 CVE STATUS: Ignored CVE DETAIL: disputed CVE DESCRIPTION: Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow easier access for another. 'ASLR bypass itself is not a vulnerability.' CVE SUMMARY: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010025 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2019-19126 CVE STATUS: Patched CVE SUMMARY: On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19126 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2019-25013 CVE STATUS: Patched CVE SUMMARY: The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-25013 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2019-6488 CVE STATUS: Patched CVE SUMMARY: The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6488 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2019-7309 CVE STATUS: Patched CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7309 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2019-9169 CVE STATUS: Patched CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9169 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2019-9192 CVE STATUS: Patched CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9192 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2020-10029 CVE STATUS: Patched CVE SUMMARY: The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10029 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2020-1751 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 5.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-1751 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2020-1752 CVE STATUS: Patched CVE SUMMARY: A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-1752 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2020-27618 CVE STATUS: Patched CVE SUMMARY: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27618 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2020-29562 CVE STATUS: Patched CVE SUMMARY: The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 4.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29562 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2020-29573 CVE STATUS: Patched CVE SUMMARY: sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29573 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2020-6096 CVE STATUS: Patched CVE SUMMARY: An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-6096 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2021-27645 CVE STATUS: Patched CVE SUMMARY: The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 2.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27645 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2021-3326 CVE STATUS: Patched CVE SUMMARY: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3326 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2021-33574 CVE STATUS: Patched CVE SUMMARY: The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33574 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2021-35942 CVE STATUS: Patched CVE SUMMARY: The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-35942 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2021-38604 CVE STATUS: Patched CVE SUMMARY: In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38604 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2021-3998 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3998 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2021-3999 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3999 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2021-43396 CVE STATUS: Patched CVE SUMMARY: In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43396 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2022-23218 CVE STATUS: Patched CVE SUMMARY: The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23218 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2022-23219 CVE STATUS: Patched CVE SUMMARY: The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23219 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2022-39046 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39046 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-0687 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 9.8 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:H/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0687 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-25139 CVE STATUS: Patched CVE SUMMARY: sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25139 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-4527 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4527 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-4806 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4806 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-4813 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4813 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-4911 CVE STATUS: Patched CVE SUMMARY: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4911 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-5156 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5156 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-6246 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6246 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-6779 CVE STATUS: Patched CVE SUMMARY: An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6779 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2023-6780 CVE STATUS: Patched CVE SUMMARY: An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6780 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2024-2961 CVE STATUS: Patched CVE DETAIL: cpe-stable-backport CVE DESCRIPTION: fix available in used git hash CVE SUMMARY: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-2961 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2024-33599 CVE STATUS: Patched CVE DETAIL: cpe-stable-backport CVE DESCRIPTION: fix available in used git hash CVE SUMMARY: nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 0.0 VECTOR: UNKNOWN VECTORSTRING: UNKNOWN MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33599 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2024-33600 CVE STATUS: Patched CVE DETAIL: cpe-stable-backport CVE DESCRIPTION: fix available in used git hash CVE SUMMARY: nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 0.0 VECTOR: UNKNOWN VECTORSTRING: UNKNOWN MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33600 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2024-33601 CVE STATUS: Patched CVE DETAIL: cpe-stable-backport CVE DESCRIPTION: fix available in used git hash CVE SUMMARY: nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33601 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.39+git CVE: CVE-2024-33602 CVE STATUS: Patched CVE DETAIL: cpe-stable-backport CVE DESCRIPTION: fix available in used git hash CVE SUMMARY: nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33602 LAYER: meta PACKAGE NAME: procps PACKAGE VERSION: 4.0.4 CVE: CVE-2018-1121 CVE STATUS: Patched CVE SUMMARY: procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1121 LAYER: meta PACKAGE NAME: procps PACKAGE VERSION: 4.0.4 CVE: CVE-2023-4016 CVE STATUS: Patched CVE SUMMARY: Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4016 LAYER: meta PACKAGE NAME: alsa-lib PACKAGE VERSION: 1.2.11 CVE: CVE-2005-0087 CVE STATUS: Patched CVE SUMMARY: The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0087 LAYER: meta-oe PACKAGE NAME: protobuf PACKAGE VERSION: 4.25.3 CVE: CVE-2015-5237 CVE STATUS: Patched CVE SUMMARY: protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5237 LAYER: meta-oe PACKAGE NAME: protobuf PACKAGE VERSION: 4.25.3 CVE: CVE-2021-22570 CVE STATUS: Patched CVE SUMMARY: Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22570 LAYER: meta-oe PACKAGE NAME: protobuf PACKAGE VERSION: 4.25.3 CVE: CVE-2021-3121 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3121 LAYER: meta-oe PACKAGE NAME: protobuf PACKAGE VERSION: 4.25.3 CVE: CVE-2023-24535 CVE STATUS: Patched CVE SUMMARY: Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24535 LAYER: meta PACKAGE NAME: libcomps PACKAGE VERSION: 0.1.20 CVE: CVE-2019-3817 CVE STATUS: Patched CVE SUMMARY: A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3817 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2011-3146 CVE STATUS: Patched CVE SUMMARY: librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3146 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2013-1881 CVE STATUS: Patched CVE SUMMARY: GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1881 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2015-7557 CVE STATUS: Patched CVE SUMMARY: The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7557 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2015-7558 CVE STATUS: Patched CVE SUMMARY: librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7558 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2016-4348 CVE STATUS: Patched CVE SUMMARY: The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4348 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2016-6163 CVE STATUS: Patched CVE SUMMARY: The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6163 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2017-11464 CVE STATUS: Patched CVE SUMMARY: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11464 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2018-1000041 CVE STATUS: Ignored CVE DETAIL: not-applicable-platform CVE DESCRIPTION: Issue only applies on Windows CVE SUMMARY: GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000041 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2019-20446 CVE STATUS: Patched CVE SUMMARY: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20446 LAYER: meta PACKAGE NAME: librsvg PACKAGE VERSION: 2.57.1 CVE: CVE-2023-38633 CVE STATUS: Patched CVE SUMMARY: A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38633 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2008-2935 CVE STATUS: Patched CVE SUMMARY: Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2935 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2011-1202 CVE STATUS: Patched CVE SUMMARY: The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1202 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2011-3970 CVE STATUS: Patched CVE SUMMARY: libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3970 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2012-2870 CVE STATUS: Patched CVE SUMMARY: libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2870 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2012-6139 CVE STATUS: Patched CVE SUMMARY: libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6139 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2013-4520 CVE STATUS: Patched CVE SUMMARY: xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4520 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2015-7995 CVE STATUS: Patched CVE SUMMARY: The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7995 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2015-9019 CVE STATUS: Patched CVE SUMMARY: In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9019 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-1683 CVE STATUS: Patched CVE SUMMARY: numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1683 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-1684 CVE STATUS: Patched CVE SUMMARY: numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1684 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-4607 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4607 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-4608 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4608 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-4609 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4609 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2016-4610 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4610 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2017-5029 CVE STATUS: Patched CVE SUMMARY: The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5029 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-11068 CVE STATUS: Patched CVE SUMMARY: libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11068 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-13117 CVE STATUS: Patched CVE SUMMARY: In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13117 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-13118 CVE STATUS: Patched CVE SUMMARY: In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13118 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-18197 CVE STATUS: Patched CVE SUMMARY: In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18197 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2019-5815 CVE STATUS: Patched CVE SUMMARY: Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5815 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2021-30560 CVE STATUS: Patched CVE SUMMARY: Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-30560 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.39 CVE: CVE-2022-29824 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: Static linking to libxml2 is not enabled. CVE SUMMARY: In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29824 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2016-9085 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9085 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2016-9969 CVE STATUS: Patched CVE SUMMARY: In libwebp 0.5.1, there is a double free bug in libwebpmux. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9969 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25009 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25009 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25010 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25010 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25011 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25011 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25012 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25012 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25013 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25013 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2018-25014 CVE STATUS: Patched CVE SUMMARY: A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25014 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36328 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36328 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36329 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36329 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36330 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36330 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36331 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36331 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2020-36332 CVE STATUS: Patched CVE SUMMARY: A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36332 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2023-1999 CVE STATUS: Patched CVE SUMMARY: There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.  CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1999 LAYER: meta PACKAGE NAME: libwebp PACKAGE VERSION: 1.3.2 CVE: CVE-2023-4863 CVE STATUS: Patched CVE SUMMARY: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4863 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2004-2531 CVE STATUS: Patched CVE SUMMARY: X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2531 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2005-1431 CVE STATUS: Patched CVE SUMMARY: The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1431 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2006-4790 CVE STATUS: Patched CVE SUMMARY: verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4790 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2006-7239 CVE STATUS: Patched CVE SUMMARY: The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7239 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-1948 CVE STATUS: Patched CVE SUMMARY: The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1948 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-1949 CVE STATUS: Patched CVE SUMMARY: The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1949 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-1950 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1950 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-2377 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2377 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2008-4989 CVE STATUS: Patched CVE SUMMARY: The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4989 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-1415 CVE STATUS: Patched CVE SUMMARY: lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1415 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-1416 CVE STATUS: Patched CVE SUMMARY: lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1416 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-1417 CVE STATUS: Patched CVE SUMMARY: gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1417 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-2409 CVE STATUS: Patched CVE SUMMARY: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2409 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-2730 CVE STATUS: Patched CVE SUMMARY: libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2730 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-3555 CVE STATUS: Patched CVE SUMMARY: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3555 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2009-5138 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5138 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2010-0731 CVE STATUS: Patched CVE SUMMARY: The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0731 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2011-4128 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4128 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2012-0390 CVE STATUS: Patched CVE SUMMARY: The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0390 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2012-1569 CVE STATUS: Patched CVE SUMMARY: The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1569 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2012-1573 CVE STATUS: Patched CVE SUMMARY: gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1573 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2012-1663 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1663 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2013-1619 CVE STATUS: Patched CVE SUMMARY: The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1619 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2013-2116 CVE STATUS: Patched CVE SUMMARY: The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2116 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2013-4466 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4466 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2013-4487 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4487 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-0092 CVE STATUS: Patched CVE SUMMARY: lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0092 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-1959 CVE STATUS: Patched CVE SUMMARY: lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1959 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3465 CVE STATUS: Patched CVE SUMMARY: The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3465 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3466 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3466 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3467 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3467 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3468 CVE STATUS: Patched CVE SUMMARY: The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3468 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-3469 CVE STATUS: Patched CVE SUMMARY: The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3469 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-8155 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8155 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2014-8564 CVE STATUS: Patched CVE SUMMARY: The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8564 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-0282 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0282 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-0294 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0294 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-3308 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3308 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-6251 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6251 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2015-8313 CVE STATUS: Patched CVE SUMMARY: GnuTLS incorrectly validates the first byte of padding in CBC modes CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8313 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2016-4456 CVE STATUS: Patched CVE SUMMARY: The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4456 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2016-7444 CVE STATUS: Patched CVE SUMMARY: The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7444 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-5334 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5334 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-5335 CVE STATUS: Patched CVE SUMMARY: The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5335 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-5336 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5336 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-5337 CVE STATUS: Patched CVE SUMMARY: Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5337 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-7507 CVE STATUS: Patched CVE SUMMARY: GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7507 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2017-7869 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7869 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2018-10844 CVE STATUS: Patched CVE SUMMARY: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10844 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2018-10845 CVE STATUS: Patched CVE SUMMARY: It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10845 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2018-10846 CVE STATUS: Patched CVE SUMMARY: A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10846 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2018-16868 CVE STATUS: Patched CVE SUMMARY: A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16868 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2019-3829 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3829 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2019-3836 CVE STATUS: Patched CVE SUMMARY: It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3836 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2020-11501 CVE STATUS: Patched CVE SUMMARY: GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11501 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2020-13777 CVE STATUS: Patched CVE SUMMARY: GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13777 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2020-24659 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24659 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2021-20231 CVE STATUS: Patched CVE SUMMARY: A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20231 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2021-20232 CVE STATUS: Patched CVE SUMMARY: A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20232 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2021-4209 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4209 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2022-2509 CVE STATUS: Patched CVE SUMMARY: A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2509 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2023-0361 CVE STATUS: Patched CVE SUMMARY: A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0361 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2023-5981 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5981 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2024-0553 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0553 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.8.4 CVE: CVE-2024-0567 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0567 LAYER: meta-oe PACKAGE NAME: cryptsetup PACKAGE VERSION: 2.7.2 CVE: CVE-2016-4484 CVE STATUS: Patched CVE SUMMARY: The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 6.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4484 LAYER: meta-oe PACKAGE NAME: cryptsetup PACKAGE VERSION: 2.7.2 CVE: CVE-2020-14382 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14382 LAYER: meta-oe PACKAGE NAME: cryptsetup PACKAGE VERSION: 2.7.2 CVE: CVE-2021-4122 CVE STATUS: Patched CVE SUMMARY: It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.3 VECTOR: PHYSICAL VECTORSTRING: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4122 LAYER: meta PACKAGE NAME: initscripts PACKAGE VERSION: 1.0 CVE: CVE-2008-3524 CVE STATUS: Patched CVE SUMMARY: rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3524 LAYER: meta PACKAGE NAME: initscripts PACKAGE VERSION: 1.0 CVE: CVE-2008-4832 CVE STATUS: Patched CVE SUMMARY: rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4832 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2009-0579 CVE STATUS: Patched CVE SUMMARY: Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0579 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2009-0887 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt. CVSS v2 BASE SCORE: 6.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0887 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-3316 CVE STATUS: Patched CVE SUMMARY: The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3316 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-3430 CVE STATUS: Patched CVE SUMMARY: The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435. CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3430 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-3431 CVE STATUS: Patched CVE SUMMARY: The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3431 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-3435 CVE STATUS: Patched CVE SUMMARY: The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3435 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-3853 CVE STATUS: Patched CVE SUMMARY: pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3853 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-4706 CVE STATUS: Patched CVE SUMMARY: The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4706 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-4707 CVE STATUS: Patched CVE SUMMARY: The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4707 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2010-4708 CVE STATUS: Patched CVE SUMMARY: The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4708 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2011-3148 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3148 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2011-3149 CVE STATUS: Patched CVE SUMMARY: The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3149 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2014-2583 CVE STATUS: Patched CVE SUMMARY: Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2583 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2015-3238 CVE STATUS: Patched CVE SUMMARY: The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3238 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2018-17953 CVE STATUS: Patched CVE SUMMARY: A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17953 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2020-27780 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27780 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2022-28321 CVE STATUS: Patched CVE SUMMARY: The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28321 LAYER: meta PACKAGE NAME: libpam PACKAGE VERSION: 1.5.3 CVE: CVE-2024-22365 CVE STATUS: Patched CVE SUMMARY: linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-22365 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2009-1194 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1194 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2010-0421 CVE STATUS: Patched CVE SUMMARY: Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0421 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2011-0020 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0020 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2011-0064 CVE STATUS: Patched CVE SUMMARY: The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0064 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2011-3193 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2018-15120 CVE STATUS: Patched CVE SUMMARY: libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15120 LAYER: meta PACKAGE NAME: pango PACKAGE VERSION: 1.52.1 CVE: CVE-2019-1010238 CVE STATUS: Patched CVE SUMMARY: Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010238 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2011-2485 CVE STATUS: Patched CVE SUMMARY: The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2485 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2011-2897 CVE STATUS: Patched CVE SUMMARY: gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2897 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2012-2370 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2370 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2015-4491 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4491 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2015-7673 CVE STATUS: Patched CVE SUMMARY: io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7673 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2015-7674 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7674 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2015-8875 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8875 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2016-6352 CVE STATUS: Patched CVE SUMMARY: The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6352 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-1000422 CVE STATUS: Patched CVE SUMMARY: Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000422 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-12447 CVE STATUS: Patched CVE SUMMARY: GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12447 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-2862 CVE STATUS: Patched CVE SUMMARY: An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2862 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-2870 CVE STATUS: Patched CVE SUMMARY: An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2870 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-6311 CVE STATUS: Patched CVE SUMMARY: gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6311 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-6312 CVE STATUS: Patched CVE SUMMARY: Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6312 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-6313 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6313 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2017-6314 CVE STATUS: Patched CVE SUMMARY: The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6314 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2020-29385 CVE STATUS: Patched CVE SUMMARY: GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29385 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2021-20240 CVE STATUS: Patched CVE SUMMARY: A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20240 LAYER: meta PACKAGE NAME: gdk-pixbuf PACKAGE VERSION: 2.42.12 CVE: CVE-2021-46829 CVE STATUS: Patched CVE SUMMARY: GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46829 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0691 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0691 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0692 CVE STATUS: Patched CVE SUMMARY: The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0692 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0693 CVE STATUS: Patched CVE SUMMARY: The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0693 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2005-0627 CVE STATUS: Patched CVE SUMMARY: Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0627 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2006-4811 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4811 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-0242 CVE STATUS: Patched CVE SUMMARY: The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0242 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-3388 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3388 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-4137 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4137 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2009-2700 CVE STATUS: Patched CVE SUMMARY: src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2700 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-1766 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1766 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-2621 CVE STATUS: Patched CVE SUMMARY: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2621 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-5076 CVE STATUS: Patched CVE SUMMARY: QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5076 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3193 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3194 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3194 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-5624 CVE STATUS: Patched CVE SUMMARY: The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5624 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-6093 CVE STATUS: Patched CVE SUMMARY: The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6093 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-0254 CVE STATUS: Patched CVE SUMMARY: The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0254 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-4549 CVE STATUS: Patched CVE SUMMARY: QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4549 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2014-0190 CVE STATUS: Patched CVE SUMMARY: The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0190 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-0295 CVE STATUS: Patched CVE SUMMARY: The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0295 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1290 CVE STATUS: Patched CVE SUMMARY: The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1290 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1858 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1858 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1859 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1859 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1860 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1860 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-7298 CVE STATUS: Patched CVE SUMMARY: ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7298 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-9541 CVE STATUS: Patched CVE SUMMARY: Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9541 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10904 CVE STATUS: Patched CVE SUMMARY: Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10904 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10905 CVE STATUS: Patched CVE SUMMARY: A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10905 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-15011 CVE STATUS: Patched CVE SUMMARY: The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15011 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-15518 CVE STATUS: Patched CVE SUMMARY: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15518 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19865 CVE STATUS: Patched CVE SUMMARY: A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19865 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19869 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19869 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19870 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19870 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19871 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19871 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19872 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19872 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19873 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19873 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-21035 CVE STATUS: Patched CVE SUMMARY: In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-21035 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2019-18281 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18281 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0569 CVE STATUS: Patched CVE SUMMARY: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0569 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0570 CVE STATUS: Patched CVE SUMMARY: Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0570 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-12267 CVE STATUS: Patched CVE SUMMARY: setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12267 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-13962 CVE STATUS: Patched CVE SUMMARY: Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13962 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-17507 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17507 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-24742 CVE STATUS: Patched CVE SUMMARY: An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24742 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-28025 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28025 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-3481 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3481 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-38593 CVE STATUS: Patched CVE SUMMARY: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38593 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25255 CVE STATUS: Patched CVE SUMMARY: In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25255 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25634 CVE STATUS: Patched CVE SUMMARY: Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25634 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-40983 CVE STATUS: Patched CVE SUMMARY: An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40983 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-43591 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43591 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-24607 CVE STATUS: Patched CVE SUMMARY: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24607 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32573 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32762 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32763 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-33285 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33285 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34410 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Patched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37369 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38197 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43114 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51714 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-25580 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 0.0 VECTOR: UNKNOWN VECTORSTRING: UNKNOWN MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-25580 LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-39936 LAYER: meta-agl-demo PACKAGE NAME: mediaplayer PACKAGE VERSION: 2.0+git CVE: CVE-2008-0619 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0619 LAYER: meta-oe PACKAGE NAME: libopus PACKAGE VERSION: 1.5.2 CVE: CVE-2013-0899 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0899 LAYER: meta-selinux PACKAGE NAME: selinux-python PACKAGE VERSION: 3.6 CVE: CVE-2020-10751 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 6.1 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10751 LAYER: meta PACKAGE NAME: util-linux-libuuid PACKAGE VERSION: 2.39.3 CVE: CVE-2024-28085 CVE STATUS: Patched CVE SUMMARY: wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-28085 LAYER: meta-agl-demo PACKAGE NAME: messaging PACKAGE VERSION: 1.0+git CVE: CVE-2005-2668 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2668 LAYER: meta-agl-demo PACKAGE NAME: messaging PACKAGE VERSION: 1.0+git CVE: CVE-2005-2669 CVE STATUS: Patched CVE SUMMARY: Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2669 LAYER: meta-agl-demo PACKAGE NAME: messaging PACKAGE VERSION: 1.0+git CVE: CVE-2006-0529 CVE STATUS: Patched CVE SUMMARY: Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0529 LAYER: meta-agl-demo PACKAGE NAME: messaging PACKAGE VERSION: 1.0+git CVE: CVE-2006-0530 CVE STATUS: Patched CVE SUMMARY: Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0530 LAYER: meta-agl-demo PACKAGE NAME: messaging PACKAGE VERSION: 1.0+git CVE: CVE-2011-1066 CVE STATUS: Patched CVE SUMMARY: Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1066 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2007-4619 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4619 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2007-6277 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6277 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2007-6278 CVE STATUS: Patched CVE SUMMARY: Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6278 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2007-6279 CVE STATUS: Patched CVE SUMMARY: Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6279 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2014-8962 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8962 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2014-9028 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9028 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2017-6888 CVE STATUS: Patched CVE SUMMARY: An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6888 LAYER: meta PACKAGE NAME: flac PACKAGE VERSION: 1.4.3 CVE: CVE-2020-22219 CVE STATUS: Patched CVE SUMMARY: Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22219 LAYER: meta-selinux PACKAGE NAME: libselinux-python PACKAGE VERSION: 3.6 CVE: CVE-2020-10751 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 6.1 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10751 LAYER: meta-selinux PACKAGE NAME: libselinux PACKAGE VERSION: 3.6 CVE: CVE-2020-10751 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 6.1 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10751 LAYER: meta PACKAGE NAME: libical PACKAGE VERSION: 3.0.17 CVE: CVE-2016-5823 CVE STATUS: Patched CVE SUMMARY: The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5823 LAYER: meta PACKAGE NAME: libical PACKAGE VERSION: 3.0.17 CVE: CVE-2016-5824 CVE STATUS: Patched CVE SUMMARY: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5824 LAYER: meta PACKAGE NAME: libical PACKAGE VERSION: 3.0.17 CVE: CVE-2016-5825 CVE STATUS: Patched CVE SUMMARY: The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5825 LAYER: meta PACKAGE NAME: libical PACKAGE VERSION: 3.0.17 CVE: CVE-2016-5826 CVE STATUS: Patched CVE SUMMARY: The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5826 LAYER: meta PACKAGE NAME: libical PACKAGE VERSION: 3.0.17 CVE: CVE-2016-5827 CVE STATUS: Patched CVE SUMMARY: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5827 LAYER: meta PACKAGE NAME: libical PACKAGE VERSION: 3.0.17 CVE: CVE-2016-9584 CVE STATUS: Patched CVE SUMMARY: libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9584 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2006-0747 CVE STATUS: Patched CVE SUMMARY: Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0747 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2006-1861 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1861 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2006-2661 CVE STATUS: Patched CVE SUMMARY: ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2661 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2006-3467 CVE STATUS: Patched CVE SUMMARY: Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3467 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2007-2754 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2754 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2007-3506 CVE STATUS: Patched CVE SUMMARY: The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3506 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2008-1806 CVE STATUS: Patched CVE SUMMARY: Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1806 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2008-1807 CVE STATUS: Patched CVE SUMMARY: FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1807 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2008-1808 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1808 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2009-0946 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0946 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2497 CVE STATUS: Patched CVE SUMMARY: Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2497 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2498 CVE STATUS: Patched CVE SUMMARY: The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2498 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2499 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2499 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2500 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2500 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2519 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2519 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2520 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2520 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2527 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2527 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2541 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2541 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2805 CVE STATUS: Patched CVE SUMMARY: The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2805 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2806 CVE STATUS: Patched CVE SUMMARY: Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2806 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2807 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2807 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-2808 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2808 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-3053 CVE STATUS: Patched CVE SUMMARY: bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3053 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-3054 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3054 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-3311 CVE STATUS: Patched CVE SUMMARY: Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3311 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-3814 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3814 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2010-3855 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3855 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2011-0226 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0226 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2011-2895 CVE STATUS: Patched CVE SUMMARY: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2895 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1126 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1126 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1127 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1127 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1128 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1128 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1129 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1129 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1130 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1130 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1131 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1131 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1132 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1132 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1133 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1133 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1134 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1134 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1135 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1135 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1136 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1136 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1137 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1137 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1138 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1138 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1139 CVE STATUS: Patched CVE SUMMARY: Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1139 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1140 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1140 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1141 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1141 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1142 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1142 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1143 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1143 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-1144 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1144 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-5668 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5668 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-5669 CVE STATUS: Patched CVE SUMMARY: The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5669 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2012-5670 CVE STATUS: Patched CVE SUMMARY: The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5670 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-2240 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2240 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-2241 CVE STATUS: Patched CVE SUMMARY: The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2241 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9656 CVE STATUS: Patched CVE SUMMARY: The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9656 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9657 CVE STATUS: Patched CVE SUMMARY: The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9657 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9658 CVE STATUS: Patched CVE SUMMARY: The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9658 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9659 CVE STATUS: Patched CVE SUMMARY: cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9659 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9660 CVE STATUS: Patched CVE SUMMARY: The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9660 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9661 CVE STATUS: Patched CVE SUMMARY: type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9661 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9662 CVE STATUS: Patched CVE SUMMARY: cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9662 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9663 CVE STATUS: Patched CVE SUMMARY: The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9663 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9664 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9664 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9665 CVE STATUS: Patched CVE SUMMARY: The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9665 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9666 CVE STATUS: Patched CVE SUMMARY: The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9666 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9667 CVE STATUS: Patched CVE SUMMARY: sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9667 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9668 CVE STATUS: Patched CVE SUMMARY: The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9668 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9669 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9669 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9670 CVE STATUS: Patched CVE SUMMARY: Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9670 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9671 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9671 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9672 CVE STATUS: Patched CVE SUMMARY: Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9672 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9673 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9673 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9674 CVE STATUS: Patched CVE SUMMARY: The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9674 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9675 CVE STATUS: Patched CVE SUMMARY: bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9675 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9745 CVE STATUS: Patched CVE SUMMARY: The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9745 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9746 CVE STATUS: Patched CVE SUMMARY: The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9746 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2014-9747 CVE STATUS: Patched CVE SUMMARY: The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9747 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2015-9290 CVE STATUS: Patched CVE SUMMARY: In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9290 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2015-9381 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9381 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2015-9382 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9382 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2015-9383 CVE STATUS: Patched CVE SUMMARY: FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9383 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2016-10244 CVE STATUS: Patched CVE SUMMARY: The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10244 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2016-10328 CVE STATUS: Patched CVE SUMMARY: FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10328 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2017-7857 CVE STATUS: Patched CVE SUMMARY: FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7857 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2017-7858 CVE STATUS: Patched CVE SUMMARY: FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7858 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2017-7864 CVE STATUS: Patched CVE SUMMARY: FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7864 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2017-8105 CVE STATUS: Patched CVE SUMMARY: FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8105 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2017-8287 CVE STATUS: Patched CVE SUMMARY: FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8287 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2018-6942 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6942 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2020-15999 CVE STATUS: Patched CVE SUMMARY: Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15999 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2022-27404 CVE STATUS: Patched CVE SUMMARY: FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27404 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2022-27405 CVE STATUS: Patched CVE SUMMARY: FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27405 LAYER: meta PACKAGE NAME: freetype PACKAGE VERSION: 2.13.2 CVE: CVE-2022-27406 CVE STATUS: Patched CVE SUMMARY: FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27406 LAYER: meta PACKAGE NAME: xz PACKAGE VERSION: 5.4.6 CVE: CVE-2015-4035 CVE STATUS: Patched CVE SUMMARY: scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4035 LAYER: meta PACKAGE NAME: xz PACKAGE VERSION: 5.4.6 CVE: CVE-2020-22916 CVE STATUS: Patched CVE SUMMARY: An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22916 LAYER: meta PACKAGE NAME: xz PACKAGE VERSION: 5.4.6 CVE: CVE-2021-29482 CVE STATUS: Patched CVE SUMMARY: xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size of the compressed file input to a reasonable size for their use case. The standard library had recently the same issue and got the CVE-2020-16845 allocated. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29482 LAYER: meta PACKAGE NAME: xz PACKAGE VERSION: 5.4.6 CVE: CVE-2022-1271 CVE STATUS: Patched CVE SUMMARY: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1271 LAYER: meta PACKAGE NAME: xz PACKAGE VERSION: 5.4.6 CVE: CVE-2024-3094 CVE STATUS: Patched CVE SUMMARY: Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 10.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-3094 LAYER: meta-selinux PACKAGE NAME: libsemanage PACKAGE VERSION: 3.6 CVE: CVE-2020-10751 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 6.1 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10751 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.3.1 CVE: CVE-2002-0059 CVE STATUS: Patched CVE SUMMARY: The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0059 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.3.1 CVE: CVE-2003-0107 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0107 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.3.1 CVE: CVE-2004-0797 CVE STATUS: Patched CVE SUMMARY: The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0797 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.3.1 CVE: CVE-2005-1849 CVE STATUS: Patched CVE SUMMARY: inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1849 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.3.1 CVE: CVE-2005-2096 CVE STATUS: Patched CVE SUMMARY: zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2096 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.3.1 CVE: CVE-2016-9840 CVE STATUS: Patched CVE SUMMARY: inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9840 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.3.1 CVE: CVE-2016-9841 CVE STATUS: Patched CVE SUMMARY: inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9841 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.3.1 CVE: CVE-2016-9842 CVE STATUS: Patched CVE SUMMARY: The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9842 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.3.1 CVE: CVE-2016-9843 CVE STATUS: Patched CVE SUMMARY: The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9843 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.3.1 CVE: CVE-2018-25032 CVE STATUS: Patched CVE SUMMARY: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25032 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.3.1 CVE: CVE-2022-37434 CVE STATUS: Patched CVE SUMMARY: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-37434 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.3.1 CVE: CVE-2023-45853 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: we don't build minizip CVE SUMMARY: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45853 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.3.1 CVE: CVE-2023-6992 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this CVE is for cloudflare zlib CVE SUMMARY: Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6992 LAYER: meta-multimedia PACKAGE NAME: mpd PACKAGE VERSION: 0.23.14 CVE: CVE-2020-7465 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: The recipe used in the meta-openembedded is a different mpd package compared to the one which has the CVE issue. CVE SUMMARY: The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7465 LAYER: meta-multimedia PACKAGE NAME: mpd PACKAGE VERSION: 0.23.14 CVE: CVE-2020-7466 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: The recipe used in the meta-openembedded is a different mpd package compared to the one which has the CVE issue. CVE SUMMARY: The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7466 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0691 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0691 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0692 CVE STATUS: Patched CVE SUMMARY: The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0692 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2004-0693 CVE STATUS: Patched CVE SUMMARY: The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0693 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2005-0627 CVE STATUS: Patched CVE SUMMARY: Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0627 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2006-4811 CVE STATUS: Patched CVE SUMMARY: Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4811 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-0242 CVE STATUS: Patched CVE SUMMARY: The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0242 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-3388 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3388 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2007-4137 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4137 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2009-2700 CVE STATUS: Patched CVE SUMMARY: src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2700 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-1766 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1766 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-2621 CVE STATUS: Patched CVE SUMMARY: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2621 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2010-5076 CVE STATUS: Patched CVE SUMMARY: QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5076 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3193 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3193 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2011-3194 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3194 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-5624 CVE STATUS: Patched CVE SUMMARY: The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5624 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2012-6093 CVE STATUS: Patched CVE SUMMARY: The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6093 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-0254 CVE STATUS: Patched CVE SUMMARY: The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0254 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2013-4549 CVE STATUS: Patched CVE SUMMARY: QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4549 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2014-0190 CVE STATUS: Patched CVE SUMMARY: The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0190 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-0295 CVE STATUS: Patched CVE SUMMARY: The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0295 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1290 CVE STATUS: Patched CVE SUMMARY: The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1290 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1858 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1858 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1859 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1859 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-1860 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1860 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-7298 CVE STATUS: Patched CVE SUMMARY: ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7298 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2015-9541 CVE STATUS: Patched CVE SUMMARY: Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9541 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10904 CVE STATUS: Patched CVE SUMMARY: Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10904 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-10905 CVE STATUS: Patched CVE SUMMARY: A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10905 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2017-15011 CVE STATUS: Patched CVE SUMMARY: The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15011 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-15518 CVE STATUS: Patched CVE SUMMARY: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15518 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19865 CVE STATUS: Patched CVE SUMMARY: A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19865 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19869 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19869 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19870 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19870 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19871 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19871 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19872 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19872 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-19873 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19873 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2018-21035 CVE STATUS: Patched CVE SUMMARY: In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-21035 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0569 CVE STATUS: Patched CVE SUMMARY: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. CVSS v2 BASE SCORE: 2.7 CVSS v3 BASE SCORE: 5.7 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0569 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-0570 CVE STATUS: Patched CVE SUMMARY: Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-0570 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-12267 CVE STATUS: Patched CVE SUMMARY: setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12267 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-13962 CVE STATUS: Patched CVE SUMMARY: Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13962 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-17507 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17507 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2020-24742 CVE STATUS: Patched CVE SUMMARY: An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24742 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-28025 CVE STATUS: Patched CVE SUMMARY: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28025 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-3481 CVE STATUS: Patched CVE SUMMARY: A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3481 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2021-38593 CVE STATUS: Patched CVE SUMMARY: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38593 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25255 CVE STATUS: Patched CVE SUMMARY: In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25255 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-25634 CVE STATUS: Patched CVE SUMMARY: Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25634 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-40983 CVE STATUS: Patched CVE SUMMARY: An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40983 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2022-43591 CVE STATUS: Patched CVE SUMMARY: A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43591 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-24607 CVE STATUS: Patched CVE SUMMARY: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24607 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32573 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32762 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32763 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-33285 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33285 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34410 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37369 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38197 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43114 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-51714 LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-39936 LAYER: meta-agl-demo PACKAGE NAME: dashboard PACKAGE VERSION: 2.0+git CVE: CVE-2018-18264 CVE STATUS: Patched CVE SUMMARY: Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18264 LAYER: meta-agl-demo PACKAGE NAME: dashboard PACKAGE VERSION: 2.0+git CVE: CVE-2018-25063 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the argument HTMLString leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The identifier of the patch is f462285a0a2d7e1a9255b0820240b94a43b00a44. It is recommended to upgrade the affected component. The identifier VDB-217153 was assigned to this vulnerability. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25063 LAYER: meta-agl-demo PACKAGE NAME: dashboard PACKAGE VERSION: 2.0+git CVE: CVE-2020-29654 CVE STATUS: Unpatched CVE SUMMARY: Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29654 LAYER: meta-agl-demo PACKAGE NAME: dashboard PACKAGE VERSION: 2.0+git CVE: CVE-2021-27523 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27523 LAYER: meta-agl-demo PACKAGE NAME: dashboard PACKAGE VERSION: 2.0+git CVE: CVE-2021-30144 CVE STATUS: Patched CVE SUMMARY: The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-30144 LAYER: meta-oe PACKAGE NAME: grpc PACKAGE VERSION: 1.60.1 CVE: CVE-2017-7860 CVE STATUS: Patched CVE SUMMARY: Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7860 LAYER: meta-oe PACKAGE NAME: grpc PACKAGE VERSION: 1.60.1 CVE: CVE-2017-7861 CVE STATUS: Patched CVE SUMMARY: Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7861 LAYER: meta-oe PACKAGE NAME: grpc PACKAGE VERSION: 1.60.1 CVE: CVE-2017-8359 CVE STATUS: Patched CVE SUMMARY: Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8359 LAYER: meta-oe PACKAGE NAME: grpc PACKAGE VERSION: 1.60.1 CVE: CVE-2017-9431 CVE STATUS: Patched CVE SUMMARY: Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9431 LAYER: meta-oe PACKAGE NAME: grpc PACKAGE VERSION: 1.60.1 CVE: CVE-2020-7768 CVE STATUS: Patched CVE SUMMARY: The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7768 LAYER: meta-oe PACKAGE NAME: grpc PACKAGE VERSION: 1.60.1 CVE: CVE-2023-1428 CVE STATUS: Patched CVE SUMMARY: There exists an vulnerability causing an abort() to be called in gRPC.  The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1428 LAYER: meta-oe PACKAGE NAME: grpc PACKAGE VERSION: 1.60.1 CVE: CVE-2023-32731 CVE STATUS: Patched CVE SUMMARY: When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in  https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005 CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32731 LAYER: meta-oe PACKAGE NAME: grpc PACKAGE VERSION: 1.60.1 CVE: CVE-2023-32732 CVE STATUS: Patched CVE SUMMARY: gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32732 LAYER: meta-oe PACKAGE NAME: grpc PACKAGE VERSION: 1.60.1 CVE: CVE-2023-33953 CVE STATUS: Patched CVE SUMMARY: gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc… CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33953 LAYER: meta-oe PACKAGE NAME: grpc PACKAGE VERSION: 1.60.1 CVE: CVE-2023-44487 CVE STATUS: Patched CVE SUMMARY: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-44487 LAYER: meta-oe PACKAGE NAME: grpc PACKAGE VERSION: 1.60.1 CVE: CVE-2023-4785 CVE STATUS: Patched CVE SUMMARY: Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.  CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4785 LAYER: meta PACKAGE NAME: librepo PACKAGE VERSION: 1.17.0 CVE: CVE-2020-14352 CVE STATUS: Patched CVE SUMMARY: A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories. CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 8.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14352 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2003-0102 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize). CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0102 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2004-1304 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1304 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2007-1536 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1536 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2007-2026 CVE STATUS: Patched CVE SUMMARY: The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2026 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2007-2799 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2799 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2009-1515 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1515 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2009-3930 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3930 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2012-1571 CVE STATUS: Patched CVE SUMMARY: file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1571 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2013-7345 CVE STATUS: Patched CVE SUMMARY: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7345 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-0207 CVE STATUS: Patched CVE SUMMARY: The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0207 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-2270 CVE STATUS: Patched CVE SUMMARY: softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2270 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3478 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3478 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3479 CVE STATUS: Patched CVE SUMMARY: The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3479 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3480 CVE STATUS: Patched CVE SUMMARY: The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3480 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3487 CVE STATUS: Patched CVE SUMMARY: The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3487 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3538 CVE STATUS: Patched CVE SUMMARY: file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3538 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-3587 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3587 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-8116 CVE STATUS: Patched CVE SUMMARY: The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8116 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-8117 CVE STATUS: Patched CVE SUMMARY: softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8117 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-9620 CVE STATUS: Patched CVE SUMMARY: The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9620 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-9621 CVE STATUS: Patched CVE SUMMARY: The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9621 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-9652 CVE STATUS: Patched CVE SUMMARY: The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9652 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2014-9653 CVE STATUS: Patched CVE SUMMARY: readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9653 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2017-1000249 CVE STATUS: Patched CVE SUMMARY: An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000249 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2018-10360 CVE STATUS: Patched CVE SUMMARY: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10360 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-18218 CVE STATUS: Patched CVE SUMMARY: cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18218 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-8904 CVE STATUS: Patched CVE SUMMARY: do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8904 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-8905 CVE STATUS: Patched CVE SUMMARY: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 4.4 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8905 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-8906 CVE STATUS: Patched CVE SUMMARY: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 4.4 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8906 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2019-8907 CVE STATUS: Patched CVE SUMMARY: do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8907 LAYER: meta PACKAGE NAME: file PACKAGE VERSION: 5.45 CVE: CVE-2022-48554 CVE STATUS: Patched CVE SUMMARY: File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48554 LAYER: meta PACKAGE NAME: cracklib PACKAGE VERSION: 2.9.11 CVE: CVE-1999-1140 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1140 LAYER: meta PACKAGE NAME: cracklib PACKAGE VERSION: 2.9.11 CVE: CVE-2016-6318 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6318 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2004-0401 CVE STATUS: Patched CVE SUMMARY: Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before 0.2.7, related to the DER parsing functions. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0401 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2006-0645 CVE STATUS: Patched CVE SUMMARY: Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0645 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2012-1569 CVE STATUS: Patched CVE SUMMARY: The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1569 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2014-3467 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3467 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2014-3468 CVE STATUS: Patched CVE SUMMARY: The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3468 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2014-3469 CVE STATUS: Patched CVE SUMMARY: The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3469 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2015-2806 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2806 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2015-3622 CVE STATUS: Patched CVE SUMMARY: The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3622 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2016-4008 CVE STATUS: Patched CVE SUMMARY: The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4008 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2017-10790 CVE STATUS: Patched CVE SUMMARY: The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10790 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2017-6891 CVE STATUS: Patched CVE SUMMARY: Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6891 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2018-1000654 CVE STATUS: Patched CVE SUMMARY: GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2018-6003 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6003 LAYER: meta PACKAGE NAME: libtasn1 PACKAGE VERSION: 4.19.0 CVE: CVE-2021-46848 CVE STATUS: Patched CVE SUMMARY: GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46848 LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2012-1107 CVE STATUS: Patched CVE SUMMARY: The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1107 LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2012-1108 CVE STATUS: Patched CVE SUMMARY: The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1108 LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2012-1584 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1584 LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2017-12678 CVE STATUS: Patched CVE SUMMARY: In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12678 LAYER: meta PACKAGE NAME: taglib PACKAGE VERSION: 2.0.1 CVE: CVE-2018-11439 CVE STATUS: Patched CVE SUMMARY: The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11439 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2014-5461 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5461 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2019-6706 CVE STATUS: Patched CVE SUMMARY: Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6706 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2020-15888 CVE STATUS: Patched CVE SUMMARY: Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15888 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2020-15889 CVE STATUS: Patched CVE SUMMARY: Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15889 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2020-15945 CVE STATUS: Patched CVE SUMMARY: Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15945 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2020-24342 CVE STATUS: Patched CVE SUMMARY: Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24342 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2020-24369 CVE STATUS: Patched CVE SUMMARY: ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24369 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2020-24370 CVE STATUS: Patched CVE SUMMARY: ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24370 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2020-24371 CVE STATUS: Patched CVE SUMMARY: lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24371 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2021-43519 CVE STATUS: Patched CVE SUMMARY: Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43519 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2021-44647 CVE STATUS: Patched CVE SUMMARY: Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-44647 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2021-44964 CVE STATUS: Patched CVE SUMMARY: Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-44964 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2021-45985 CVE STATUS: Patched CVE SUMMARY: In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45985 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2022-28805 CVE STATUS: Patched CVE SUMMARY: singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28805 LAYER: meta PACKAGE NAME: lua PACKAGE VERSION: 5.4.6 CVE: CVE-2022-33099 CVE STATUS: Patched CVE SUMMARY: An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-33099 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2000-0973 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0973 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2003-1605 CVE STATUS: Patched CVE SUMMARY: curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-1605 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2005-0490 CVE STATUS: Patched CVE SUMMARY: Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0490 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2005-3185 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-3185 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2005-4077 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4077 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2006-1061 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1061 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2007-3564 CVE STATUS: Patched CVE SUMMARY: libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3564 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2009-0037 CVE STATUS: Patched CVE SUMMARY: The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0037 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2009-2417 CVE STATUS: Patched CVE SUMMARY: lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2417 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2010-0734 CVE STATUS: Patched CVE SUMMARY: content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0734 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2010-3842 CVE STATUS: Patched CVE SUMMARY: Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3842 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2011-2192 CVE STATUS: Patched CVE SUMMARY: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2192 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2011-3389 CVE STATUS: Patched CVE SUMMARY: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3389 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2012-0036 CVE STATUS: Patched CVE SUMMARY: curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0036 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2013-0249 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0249 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2013-1944 CVE STATUS: Patched CVE SUMMARY: The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1944 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2013-2174 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2174 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2013-4545 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4545 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2013-6422 CVE STATUS: Patched CVE SUMMARY: The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6422 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-0015 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0015 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-0138 CVE STATUS: Patched CVE SUMMARY: The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0138 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-0139 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0139 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-2522 CVE STATUS: Patched CVE SUMMARY: curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2522 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-3613 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3613 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-3620 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3620 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-3707 CVE STATUS: Patched CVE SUMMARY: The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3707 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-8150 CVE STATUS: Patched CVE SUMMARY: CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8150 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2014-8151 CVE STATUS: Patched CVE SUMMARY: The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8151 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3143 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3143 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3144 CVE STATUS: Patched CVE SUMMARY: The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3144 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3145 CVE STATUS: Patched CVE SUMMARY: The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3145 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3148 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3148 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3153 CVE STATUS: Patched CVE SUMMARY: The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3153 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3236 CVE STATUS: Patched CVE SUMMARY: cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3236 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2015-3237 CVE STATUS: Patched CVE SUMMARY: The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3237 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-0754 CVE STATUS: Patched CVE SUMMARY: cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0754 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-0755 CVE STATUS: Patched CVE SUMMARY: The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0755 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-3739 CVE STATUS: Patched CVE SUMMARY: The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3739 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-4606 CVE STATUS: Patched CVE SUMMARY: Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4606 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-4802 CVE STATUS: Patched CVE SUMMARY: Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4802 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-5419 CVE STATUS: Patched CVE SUMMARY: curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5419 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-5420 CVE STATUS: Patched CVE SUMMARY: curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5420 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-5421 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5421 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-7141 CVE STATUS: Patched CVE SUMMARY: curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7141 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-7167 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7167 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8615 CVE STATUS: Patched CVE SUMMARY: A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8615 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8616 CVE STATUS: Patched CVE SUMMARY: A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8616 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8617 CVE STATUS: Patched CVE SUMMARY: The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8617 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8618 CVE STATUS: Patched CVE SUMMARY: The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8618 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8619 CVE STATUS: Patched CVE SUMMARY: The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8619 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8620 CVE STATUS: Patched CVE SUMMARY: The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8620 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8621 CVE STATUS: Patched CVE SUMMARY: The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8621 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8622 CVE STATUS: Patched CVE SUMMARY: The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8622 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8623 CVE STATUS: Patched CVE SUMMARY: A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8623 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8624 CVE STATUS: Patched CVE SUMMARY: curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8624 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-8625 CVE STATUS: Patched CVE SUMMARY: curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8625 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-9586 CVE STATUS: Patched CVE SUMMARY: curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9586 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-9594 CVE STATUS: Patched CVE SUMMARY: curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9594 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-9952 CVE STATUS: Patched CVE SUMMARY: The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com." CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9952 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2016-9953 CVE STATUS: Patched CVE SUMMARY: The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9953 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-1000099 CVE STATUS: Patched CVE SUMMARY: When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000099 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-1000100 CVE STATUS: Patched CVE SUMMARY: When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000100 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-1000101 CVE STATUS: Patched CVE SUMMARY: curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000101 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-1000254 CVE STATUS: Patched CVE SUMMARY: libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000254 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-1000257 CVE STATUS: Patched CVE SUMMARY: An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000257 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-2628 CVE STATUS: Patched CVE SUMMARY: curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2628 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-2629 CVE STATUS: Patched CVE SUMMARY: curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doesn't support the TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2629 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-7407 CVE STATUS: Patched CVE SUMMARY: The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 2.4 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7407 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-7468 CVE STATUS: Patched CVE SUMMARY: In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7468 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-8816 CVE STATUS: Patched CVE SUMMARY: The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8816 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-8817 CVE STATUS: Patched CVE SUMMARY: The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8817 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-8818 CVE STATUS: Patched CVE SUMMARY: curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8818 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2017-9502 CVE STATUS: Patched CVE SUMMARY: In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string "file://"). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9502 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-0500 CVE STATUS: Patched CVE SUMMARY: Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-0500 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000005 CVE STATUS: Patched CVE SUMMARY: libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000005 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000007 CVE STATUS: Patched CVE SUMMARY: libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000007 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000120 CVE STATUS: Patched CVE SUMMARY: A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000120 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000121 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000121 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000122 CVE STATUS: Patched CVE SUMMARY: A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000122 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000300 CVE STATUS: Patched CVE SUMMARY: curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000300 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-1000301 CVE STATUS: Patched CVE SUMMARY: curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000301 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-14618 CVE STATUS: Patched CVE SUMMARY: curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14618 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-16839 CVE STATUS: Patched CVE SUMMARY: Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16839 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-16840 CVE STATUS: Patched CVE SUMMARY: A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16840 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-16842 CVE STATUS: Patched CVE SUMMARY: Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16842 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2018-16890 CVE STATUS: Patched CVE SUMMARY: libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16890 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-3822 CVE STATUS: Patched CVE SUMMARY: libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3822 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-3823 CVE STATUS: Patched CVE SUMMARY: libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3823 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-5435 CVE STATUS: Patched CVE SUMMARY: An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5435 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-5436 CVE STATUS: Patched CVE SUMMARY: A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5436 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-5443 CVE STATUS: Patched CVE SUMMARY: A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5443 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-5481 CVE STATUS: Patched CVE SUMMARY: Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5481 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2019-5482 CVE STATUS: Patched CVE SUMMARY: Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5482 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-19909 CVE STATUS: Patched CVE SUMMARY: Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19909 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-8169 CVE STATUS: Patched CVE SUMMARY: curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8169 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-8177 CVE STATUS: Patched CVE SUMMARY: curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8177 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-8231 CVE STATUS: Patched CVE SUMMARY: Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8231 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-8284 CVE STATUS: Patched CVE SUMMARY: A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8284 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-8285 CVE STATUS: Patched CVE SUMMARY: curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8285 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2020-8286 CVE STATUS: Patched CVE SUMMARY: curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8286 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22876 CVE STATUS: Patched CVE SUMMARY: curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22876 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22890 CVE STATUS: Patched CVE SUMMARY: curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22890 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22897 CVE STATUS: Patched CVE SUMMARY: curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22897 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22898 CVE STATUS: Patched CVE SUMMARY: curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22898 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22901 CVE STATUS: Patched CVE SUMMARY: curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22901 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22922 CVE STATUS: Patched CVE SUMMARY: When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22922 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22923 CVE STATUS: Patched CVE SUMMARY: When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22923 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22924 CVE STATUS: Patched CVE SUMMARY: libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22924 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22925 CVE STATUS: Patched CVE SUMMARY: curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22925 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22926 CVE STATUS: Patched CVE SUMMARY: libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22926 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22945 CVE STATUS: Patched CVE SUMMARY: When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22945 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22946 CVE STATUS: Patched CVE SUMMARY: A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22946 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2021-22947 CVE STATUS: Patched CVE SUMMARY: When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22947 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-22576 CVE STATUS: Patched CVE SUMMARY: An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22576 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27774 CVE STATUS: Patched CVE SUMMARY: An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 5.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27774 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27775 CVE STATUS: Patched CVE SUMMARY: An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27775 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27776 CVE STATUS: Patched CVE SUMMARY: A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27776 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27778 CVE STATUS: Patched CVE SUMMARY: A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27778 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27779 CVE STATUS: Patched CVE SUMMARY: libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27779 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27780 CVE STATUS: Patched CVE SUMMARY: The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27780 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27781 CVE STATUS: Patched CVE SUMMARY: libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27781 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-27782 CVE STATUS: Patched CVE SUMMARY: libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27782 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-30115 CVE STATUS: Patched CVE SUMMARY: Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-30115 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-32205 CVE STATUS: Patched CVE SUMMARY: A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32205 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-32206 CVE STATUS: Patched CVE SUMMARY: curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32206 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-32207 CVE STATUS: Patched CVE SUMMARY: When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32207 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-32208 CVE STATUS: Patched CVE SUMMARY: When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32208 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-32221 CVE STATUS: Patched CVE SUMMARY: When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32221 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-35252 CVE STATUS: Patched CVE SUMMARY: When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-35252 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-35260 CVE STATUS: Patched CVE SUMMARY: curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-35260 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-42915 CVE STATUS: Patched CVE SUMMARY: curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42915 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-42916 CVE STATUS: Patched CVE SUMMARY: In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42916 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-43551 CVE STATUS: Patched CVE SUMMARY: A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43551 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2022-43552 CVE STATUS: Patched CVE SUMMARY: A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43552 LAYER: meta PACKAGE NAME: curl PACKAGE VERSION: 8.7.1 CVE: CVE-2023-23914 CVE STATUS: Patched CVE SUMMARY: A cleartext transmission of sensitive information vulnerability exists in curl