[Spike] Investigate Swift security advisory
Summary - Why is this spike needed?
This spike is necessary to ensure we have enough resources and information about vulnerabilities in packages to make it worthwhile to develop support for Swift
Tasks to Evaluate OSV
-
Is this source Swift advisory information? -
Does this source need internet connectivity? -
Add some schema example -
Description of the integration process
Answers for OSV
- No swift advisories by documentation
- Need internet connectivity
- The structure of the response can be found in the link schema
- This is API based solution so we need to do calls for the results with the package data like this
curl -d \ '{"package": {"name": "mruby"}, "version": "2.1.2rc"}' \ "https://api.osv.dev/v1/query"
Tasks to Evaluate Trivy
-
Is this source Swift advisory information? -
Does this source need internet connectivity? -
Add some schema example -
Description of the integration process
Answer for Trivy
-
Has Swift Advisories can see it here Swift Advisories
-
No need for internet connectivity we can use the Trivy DB that includes the GLAD.
-
The result of the Trivy scan of the SBOM file looks like this
{ "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:d937d4a6-ed79-431c-bd3a-13d16391069f", "version": 1, "metadata": { "timestamp": "2024-04-15T07:41:12+00:00", "tools": { "components": [ { "type": "application", "group": "aquasecurity", "name": "trivy", "version": "0.50.1" } ] }, "component": { "bom-ref": "0f1b6598-dead-4791-93ae-bf077c97b512", "type": "application", "name": "https://github.com/insidegui/WWDC.git", "properties": [ { "name": "aquasecurity:trivy:SchemaVersion", "value": "2" } ] } }, "components": [], "dependencies": [ { "ref": "0f1b6598-dead-4791-93ae-bf077c97b512", "dependsOn": [] } ], "vulnerabilities": [] } -
the immigration for the standard Trivy is by using this command
trivy sbom --output /path/to/output.json /path/to/sbom.jsonand if the SBOM file is lined with Trivy standard it will scan the file -
Need to ensure we get the expected outcome from our container with Trivy (there need to be some code changes I assume)
-
No need to add these advisories to GLAD, this process already exists
-
final output from Trivy:
Click to expand
{
"SchemaVersion": 2,
"CreatedAt": "2024-04-16T11:13:49.82095+03:00",
"ArtifactName": "swift-app:latest",
"ArtifactType": "container_image",
"Metadata": {
"OS": {
"Family": "ubuntu",
"Name": "22.04"
},
"ImageID": "sha256:d9680d30ad21e25a16bab46a4c8f5294cfdca2416bfd1d33d1c6724f0843b3c4",
"DiffIDs": [
"sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2",
"sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825",
"sha256:565ee36d341dd5c13b8ea2feb92fabde96c41394853dc42708449d80fffbd25d",
"sha256:e5eb624dfbbefc0c2926034beedee6b6177b4e280625d4c5f23116755c75dfc2",
"sha256:3eb6b2d3cd1e0baa0a62a7e4cd1fe5d7cdf2d7554aa54c573880d6ea2578c9cb",
"sha256:cf79b4609b551103eb3ec3707304fba6bbdb072d91ecbbe0d56f5324d33876bd",
"sha256:65e510518204f14354f2f110b31f136789db2cb612a14412bbb90f32e7243be6"
],
"RepoTags": [
"swift-app:latest"
],
"ImageConfig": {
"architecture": "arm64",
"created": "2024-04-16T06:54:49.989836917Z",
"history": [
{
"created": "2024-04-10T18:26:15Z",
"created_by": "/bin/sh -c #(nop) ARG RELEASE",
"empty_layer": true
},
{
"created": "2024-04-10T18:26:15Z",
"created_by": "/bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH",
"empty_layer": true
},
{
"created": "2024-04-10T18:26:15Z",
"created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu",
"empty_layer": true
},
{
"created": "2024-04-10T18:26:15Z",
"created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.version=22.04",
"empty_layer": true
},
{
"created": "2024-04-10T18:26:17Z",
"created_by": "/bin/sh -c #(nop) ADD file:5523c8e2dfa5286893a32b66bdb3395b76e282d86d79b7320a5855e8f55481e1 in / "
},
{
"created": "2024-04-10T18:26:17Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]",
"empty_layer": true
},
{
"created": "2024-04-16T02:18:01Z",
"created_by": "/bin/sh -c #(nop) LABEL maintainer=Swift Infrastructure \u003cswift-infrastructure@forums.swift.org\u003e",
"empty_layer": true
},
{
"created": "2024-04-16T02:18:01Z",
"created_by": "/bin/sh -c #(nop) LABEL description=Docker Container for the Swift programming language",
"empty_layer": true
},
{
"created": "2024-04-16T02:18:40Z",
"created_by": "/bin/sh -c export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \u0026\u0026 apt-get -q update \u0026\u0026 apt-get -q install -y binutils git unzip gnupg2 libc6-dev libcurl4-openssl-dev libedit2 libgcc-11-dev libpython3-dev libsqlite3-0 libstdc++-11-dev libxml2-dev libz3-dev pkg-config python3-lldb-13 tzdata zlib1g-dev \u0026\u0026 rm -r /var/lib/apt/lists/*"
},
{
"created": "2024-04-16T02:18:44Z",
"created_by": "/bin/sh -c #(nop) ARG SWIFT_SIGNING_KEY=A62AE125BBBFBB96A6E042EC925CC1CCED3D1561",
"empty_layer": true
},
{
"created": "2024-04-16T02:18:44Z",
"created_by": "/bin/sh -c #(nop) ARG SWIFT_PLATFORM=ubuntu22.04",
"empty_layer": true
},
{
"created": "2024-04-16T02:18:44Z",
"created_by": "/bin/sh -c #(nop) ARG SWIFT_BRANCH=swift-5.10-release",
"empty_layer": true
},
{
"created": "2024-04-16T02:18:44Z",
"created_by": "/bin/sh -c #(nop) ARG SWIFT_VERSION=swift-5.10-RELEASE",
"empty_layer": true
},
{
"created": "2024-04-16T02:18:44Z",
"created_by": "/bin/sh -c #(nop) ARG SWIFT_WEBROOT=https://download.swift.org",
"empty_layer": true
},
{
"created": "2024-04-16T02:18:44Z",
"created_by": "/bin/sh -c #(nop) ENV SWIFT_SIGNING_KEY=A62AE125BBBFBB96A6E042EC925CC1CCED3D1561 SWIFT_PLATFORM=ubuntu22.04 SWIFT_BRANCH=swift-5.10-release SWIFT_VERSION=swift-5.10-RELEASE SWIFT_WEBROOT=https://download.swift.org",
"empty_layer": true
},
{
"created": "2024-04-16T02:19:30Z",
"created_by": "/bin/sh -c set -e; ARCH_NAME=\"$(dpkg --print-architecture)\"; url=; case \"${ARCH_NAME##*-}\" in 'amd64') OS_ARCH_SUFFIX=''; ;; 'arm64') OS_ARCH_SUFFIX='-aarch64'; ;; *) echo \u003e\u00262 \"error: unsupported architecture: '$ARCH_NAME'\"; exit 1 ;; esac; SWIFT_WEBDIR=\"$SWIFT_WEBROOT/$SWIFT_BRANCH/$(echo $SWIFT_PLATFORM | tr -d .)$OS_ARCH_SUFFIX\" \u0026\u0026 SWIFT_BIN_URL=\"$SWIFT_WEBDIR/$SWIFT_VERSION/$SWIFT_VERSION-$SWIFT_PLATFORM$OS_ARCH_SUFFIX.tar.gz\" \u0026\u0026 SWIFT_SIG_URL=\"$SWIFT_BIN_URL.sig\" \u0026\u0026 export DEBIAN_FRONTEND=noninteractive \u0026\u0026 apt-get -q update \u0026\u0026 apt-get -q install -y curl \u0026\u0026 rm -rf /var/lib/apt/lists/* \u0026\u0026 export GNUPGHOME=\"$(mktemp -d)\" \u0026\u0026 curl -fsSL \"$SWIFT_BIN_URL\" -o swift.tar.gz \"$SWIFT_SIG_URL\" -o swift.tar.gz.sig \u0026\u0026 gpg --batch --quiet --keyserver keyserver.ubuntu.com --recv-keys \"$SWIFT_SIGNING_KEY\" \u0026\u0026 gpg --batch --verify swift.tar.gz.sig swift.tar.gz \u0026\u0026 tar -xzf swift.tar.gz --directory / --strip-components=1 \u0026\u0026 chmod -R o+r /usr/lib/swift \u0026\u0026 rm -rf \"$GNUPGHOME\" swift.tar.gz.sig swift.tar.gz \u0026\u0026 apt-get purge --auto-remove -y curl"
},
{
"created": "2024-04-16T02:19:42Z",
"created_by": "/bin/sh -c swift --version"
},
{
"created": "2024-04-16T05:48:44Z",
"created_by": "WORKDIR /app",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2024-04-16T06:54:22Z",
"created_by": "COPY Package.swift . # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2024-04-16T06:54:49Z",
"created_by": "RUN /bin/sh -c swift package resolve # buildkit",
"comment": "buildkit.dockerfile.v0"
}
],
"os": "linux",
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2",
"sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825",
"sha256:565ee36d341dd5c13b8ea2feb92fabde96c41394853dc42708449d80fffbd25d",
"sha256:e5eb624dfbbefc0c2926034beedee6b6177b4e280625d4c5f23116755c75dfc2",
"sha256:3eb6b2d3cd1e0baa0a62a7e4cd1fe5d7cdf2d7554aa54c573880d6ea2578c9cb",
"sha256:cf79b4609b551103eb3ec3707304fba6bbdb072d91ecbbe0d56f5324d33876bd",
"sha256:65e510518204f14354f2f110b31f136789db2cb612a14412bbb90f32e7243be6"
]
},
"config": {
"Cmd": [
"/bin/bash"
],
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"SWIFT_SIGNING_KEY=A62AE125BBBFBB96A6E042EC925CC1CCED3D1561",
"SWIFT_PLATFORM=ubuntu22.04",
"SWIFT_BRANCH=swift-5.10-release",
"SWIFT_VERSION=swift-5.10-RELEASE",
"SWIFT_WEBROOT=https://download.swift.org"
],
"Labels": {
"description": "Docker Container for the Swift programming language",
"maintainer": "Swift Infrastructure \u003cswift-infrastructure@forums.swift.org\u003e",
"org.opencontainers.image.ref.name": "ubuntu",
"org.opencontainers.image.version": "22.04"
},
"WorkingDir": "/app"
}
}
},
"Results": [
{
"Target": "swift-app:latest (ubuntu 22.04)",
"Class": "os-pkgs",
"Type": "ubuntu",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2017-13716",
"PkgID": "binutils@2.38-4ubuntu2.6",
"PkgName": "binutils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
"Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 7.1,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2017-13716",
"https://nvd.nist.gov/vuln/detail/CVE-2017-13716",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22009",
"https://www.cve.org/CVERecord?id=CVE-2017-13716"
],
"PublishedDate": "2017-08-28T21:29:00.293Z",
"LastModifiedDate": "2019-10-03T00:03:26.223Z"
},
{
"VulnerabilityID": "CVE-2018-20657",
"PkgID": "binutils@2.38-4ubuntu2.6",
"PkgName": "binutils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
"Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
"Severity": "LOW",
"CweIDs": [
"CWE-772"
],
"VendorSeverity": {
"nvd": 3,
"oracle-oval": 1,
"photon": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://www.securityfocus.com/bid/106444",
"https://access.redhat.com/errata/RHSA-2019:3352",
"https://access.redhat.com/security/cve/CVE-2018-20657",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
"https://linux.oracle.com/cve/CVE-2018-20657.html",
"https://linux.oracle.com/errata/ELSA-2019-3352.html",
"https://nvd.nist.gov/vuln/detail/CVE-2018-20657",
"https://support.f5.com/csp/article/K62602089",
"https://www.cve.org/CVERecord?id=CVE-2018-20657"
],
"PublishedDate": "2019-01-02T14:29:00.313Z",
"LastModifiedDate": "2019-11-06T01:15:17.87Z"
},
{
"VulnerabilityID": "CVE-2019-1010204",
"PkgID": "binutils@2.38-4ubuntu2.6",
"PkgName": "binutils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
"Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
"Severity": "LOW",
"CweIDs": [
"CWE-125",
"CWE-681"
],
"VendorSeverity": {
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2019-1010204",
"https://linux.oracle.com/cve/CVE-2019-1010204.html",
"https://linux.oracle.com/errata/ELSA-2020-1797.html",
"https://nvd.nist.gov/vuln/detail/CVE-2019-1010204",
"https://security.netapp.com/advisory/ntap-20190822-0001/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
"https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026amp%3Butm_medium=RSS",
"https://ubuntu.com/security/notices/USN-5349-1",
"https://www.cve.org/CVERecord?id=CVE-2019-1010204"
],
"PublishedDate": "2019-07-23T14:15:13.373Z",
"LastModifiedDate": "2023-11-07T03:02:17.51Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "binutils@2.38-4ubuntu2.6",
"PkgName": "binutils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2022-48064",
"PkgID": "binutils@2.38-4ubuntu2.6",
"PkgName": "binutils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48064",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c",
"Description": "GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-48064",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
"https://security.netapp.com/advisory/ntap-20231006-0008/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=29922",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931",
"https://www.cve.org/CVERecord?id=CVE-2022-48064"
],
"PublishedDate": "2023-08-22T19:16:30.937Z",
"LastModifiedDate": "2023-11-07T03:56:28.11Z"
},
{
"VulnerabilityID": "CVE-2017-13716",
"PkgID": "binutils-aarch64-linux-gnu@2.38-4ubuntu2.6",
"PkgName": "binutils-aarch64-linux-gnu",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils-aarch64-linux-gnu@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
"Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 7.1,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2017-13716",
"https://nvd.nist.gov/vuln/detail/CVE-2017-13716",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22009",
"https://www.cve.org/CVERecord?id=CVE-2017-13716"
],
"PublishedDate": "2017-08-28T21:29:00.293Z",
"LastModifiedDate": "2019-10-03T00:03:26.223Z"
},
{
"VulnerabilityID": "CVE-2018-20657",
"PkgID": "binutils-aarch64-linux-gnu@2.38-4ubuntu2.6",
"PkgName": "binutils-aarch64-linux-gnu",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils-aarch64-linux-gnu@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
"Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
"Severity": "LOW",
"CweIDs": [
"CWE-772"
],
"VendorSeverity": {
"nvd": 3,
"oracle-oval": 1,
"photon": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://www.securityfocus.com/bid/106444",
"https://access.redhat.com/errata/RHSA-2019:3352",
"https://access.redhat.com/security/cve/CVE-2018-20657",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
"https://linux.oracle.com/cve/CVE-2018-20657.html",
"https://linux.oracle.com/errata/ELSA-2019-3352.html",
"https://nvd.nist.gov/vuln/detail/CVE-2018-20657",
"https://support.f5.com/csp/article/K62602089",
"https://www.cve.org/CVERecord?id=CVE-2018-20657"
],
"PublishedDate": "2019-01-02T14:29:00.313Z",
"LastModifiedDate": "2019-11-06T01:15:17.87Z"
},
{
"VulnerabilityID": "CVE-2019-1010204",
"PkgID": "binutils-aarch64-linux-gnu@2.38-4ubuntu2.6",
"PkgName": "binutils-aarch64-linux-gnu",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils-aarch64-linux-gnu@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
"Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
"Severity": "LOW",
"CweIDs": [
"CWE-125",
"CWE-681"
],
"VendorSeverity": {
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2019-1010204",
"https://linux.oracle.com/cve/CVE-2019-1010204.html",
"https://linux.oracle.com/errata/ELSA-2020-1797.html",
"https://nvd.nist.gov/vuln/detail/CVE-2019-1010204",
"https://security.netapp.com/advisory/ntap-20190822-0001/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
"https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026amp%3Butm_medium=RSS",
"https://ubuntu.com/security/notices/USN-5349-1",
"https://www.cve.org/CVERecord?id=CVE-2019-1010204"
],
"PublishedDate": "2019-07-23T14:15:13.373Z",
"LastModifiedDate": "2023-11-07T03:02:17.51Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "binutils-aarch64-linux-gnu@2.38-4ubuntu2.6",
"PkgName": "binutils-aarch64-linux-gnu",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils-aarch64-linux-gnu@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2022-48064",
"PkgID": "binutils-aarch64-linux-gnu@2.38-4ubuntu2.6",
"PkgName": "binutils-aarch64-linux-gnu",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils-aarch64-linux-gnu@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48064",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c",
"Description": "GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-48064",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
"https://security.netapp.com/advisory/ntap-20231006-0008/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=29922",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931",
"https://www.cve.org/CVERecord?id=CVE-2022-48064"
],
"PublishedDate": "2023-08-22T19:16:30.937Z",
"LastModifiedDate": "2023-11-07T03:56:28.11Z"
},
{
"VulnerabilityID": "CVE-2017-13716",
"PkgID": "binutils-common@2.38-4ubuntu2.6",
"PkgName": "binutils-common",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
"Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 7.1,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2017-13716",
"https://nvd.nist.gov/vuln/detail/CVE-2017-13716",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22009",
"https://www.cve.org/CVERecord?id=CVE-2017-13716"
],
"PublishedDate": "2017-08-28T21:29:00.293Z",
"LastModifiedDate": "2019-10-03T00:03:26.223Z"
},
{
"VulnerabilityID": "CVE-2018-20657",
"PkgID": "binutils-common@2.38-4ubuntu2.6",
"PkgName": "binutils-common",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
"Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
"Severity": "LOW",
"CweIDs": [
"CWE-772"
],
"VendorSeverity": {
"nvd": 3,
"oracle-oval": 1,
"photon": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://www.securityfocus.com/bid/106444",
"https://access.redhat.com/errata/RHSA-2019:3352",
"https://access.redhat.com/security/cve/CVE-2018-20657",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
"https://linux.oracle.com/cve/CVE-2018-20657.html",
"https://linux.oracle.com/errata/ELSA-2019-3352.html",
"https://nvd.nist.gov/vuln/detail/CVE-2018-20657",
"https://support.f5.com/csp/article/K62602089",
"https://www.cve.org/CVERecord?id=CVE-2018-20657"
],
"PublishedDate": "2019-01-02T14:29:00.313Z",
"LastModifiedDate": "2019-11-06T01:15:17.87Z"
},
{
"VulnerabilityID": "CVE-2019-1010204",
"PkgID": "binutils-common@2.38-4ubuntu2.6",
"PkgName": "binutils-common",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
"Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
"Severity": "LOW",
"CweIDs": [
"CWE-125",
"CWE-681"
],
"VendorSeverity": {
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2019-1010204",
"https://linux.oracle.com/cve/CVE-2019-1010204.html",
"https://linux.oracle.com/errata/ELSA-2020-1797.html",
"https://nvd.nist.gov/vuln/detail/CVE-2019-1010204",
"https://security.netapp.com/advisory/ntap-20190822-0001/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
"https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026amp%3Butm_medium=RSS",
"https://ubuntu.com/security/notices/USN-5349-1",
"https://www.cve.org/CVERecord?id=CVE-2019-1010204"
],
"PublishedDate": "2019-07-23T14:15:13.373Z",
"LastModifiedDate": "2023-11-07T03:02:17.51Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "binutils-common@2.38-4ubuntu2.6",
"PkgName": "binutils-common",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2022-48064",
"PkgID": "binutils-common@2.38-4ubuntu2.6",
"PkgName": "binutils-common",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48064",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c",
"Description": "GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-48064",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
"https://security.netapp.com/advisory/ntap-20231006-0008/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=29922",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931",
"https://www.cve.org/CVERecord?id=CVE-2022-48064"
],
"PublishedDate": "2023-08-22T19:16:30.937Z",
"LastModifiedDate": "2023-11-07T03:56:28.11Z"
},
{
"VulnerabilityID": "CVE-2016-2781",
"PkgID": "coreutils@8.32-4.1ubuntu1.2",
"PkgName": "coreutils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/coreutils@8.32-4.1ubuntu1.2?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "8.32-4.1ubuntu1.2",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "coreutils: Non-privileged session can escape to the parent session in chroot",
"Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
"Severity": "LOW",
"CweIDs": [
"CWE-20"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"V2Score": 2.1,
"V3Score": 6.5
},
"redhat": {
"V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"V2Score": 6.2,
"V3Score": 8.6
}
},
"References": [
"http://seclists.org/oss-sec/2016/q1/452",
"http://www.openwall.com/lists/oss-security/2016/02/28/2",
"http://www.openwall.com/lists/oss-security/2016/02/28/3",
"https://access.redhat.com/security/cve/CVE-2016-2781",
"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E",
"https://lore.kernel.org/patchwork/patch/793178/",
"https://nvd.nist.gov/vuln/detail/CVE-2016-2781",
"https://www.cve.org/CVERecord?id=CVE-2016-2781"
],
"PublishedDate": "2017-02-07T15:59:00.333Z",
"LastModifiedDate": "2023-11-07T02:32:03.347Z"
},
{
"VulnerabilityID": "CVE-2022-3219",
"PkgID": "dirmngr@2.2.27-3ubuntu2.1",
"PkgName": "dirmngr",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/dirmngr@2.2.27-3ubuntu2.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.2.27-3ubuntu2.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "denial of service issue (resource consumption) using compressed packets",
"Description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3219",
"https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
"https://dev.gnupg.org/D556",
"https://dev.gnupg.org/T5993",
"https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3219",
"https://security.netapp.com/advisory/ntap-20230324-0001/",
"https://www.cve.org/CVERecord?id=CVE-2022-3219"
],
"PublishedDate": "2023-02-23T20:15:12.393Z",
"LastModifiedDate": "2023-05-26T16:31:34.07Z"
},
{
"VulnerabilityID": "CVE-2021-3826",
"PkgID": "gcc-11-base@11.4.0-1ubuntu1~22.04",
"PkgName": "gcc-11-base",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gcc-11-base@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3826",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c",
"Description": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
"Severity": "LOW",
"CweIDs": [
"CWE-119",
"CWE-787"
],
"VendorSeverity": {
"alma": 1,
"nvd": 2,
"oracle-oval": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2023:6372",
"https://access.redhat.com/security/cve/CVE-2021-3826",
"https://bugzilla.redhat.com/2122627",
"https://errata.almalinux.org/9/ALSA-2023-6372.html",
"https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
"https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505",
"https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
"https://linux.oracle.com/cve/CVE-2021-3826.html",
"https://linux.oracle.com/errata/ELSA-2023-6372.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-3826",
"https://www.cve.org/CVERecord?id=CVE-2021-3826"
],
"PublishedDate": "2022-09-01T21:15:08.843Z",
"LastModifiedDate": "2024-01-22T15:01:35.15Z"
},
{
"VulnerabilityID": "CVE-2021-46195",
"PkgID": "gcc-11-base@11.4.0-1ubuntu1~22.04",
"PkgName": "gcc-11-base",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gcc-11-base@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46195",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "uncontrolled recursion in libiberty/rust-demangle.c",
"Description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"alma": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2022:8415",
"https://access.redhat.com/security/cve/CVE-2021-46195",
"https://bugzilla.redhat.com/2046300",
"https://errata.almalinux.org/9/ALSA-2022-8415.html",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841",
"https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab",
"https://linux.oracle.com/cve/CVE-2021-46195.html",
"https://linux.oracle.com/errata/ELSA-2022-8415.html",
"https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
"https://www.cve.org/CVERecord?id=CVE-2021-46195"
],
"PublishedDate": "2022-01-14T20:15:15.6Z",
"LastModifiedDate": "2022-01-22T01:38:12.167Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "gcc-11-base@11.4.0-1ubuntu1~22.04",
"PkgName": "gcc-11-base",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gcc-11-base@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "gcc-12-base@12.3.0-1ubuntu1~22.04",
"PkgName": "gcc-12-base",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gcc-12-base@12.3.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "12.3.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2018-1000021",
"PkgID": "git@1:2.34.1-1ubuntu1.10",
"PkgName": "git",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/git@2.34.1-1ubuntu1.10?arch=arm64\u0026distro=ubuntu-22.04\u0026epoch=1"
},
"InstalledVersion": "1:2.34.1-1ubuntu1.10",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000021",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands",
"Description": "GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).",
"Severity": "LOW",
"CweIDs": [
"CWE-20"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V2Score": 6.8,
"V3Score": 8.8
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"V3Score": 5
}
},
"References": [
"http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html",
"https://access.redhat.com/security/cve/CVE-2018-1000021",
"https://nvd.nist.gov/vuln/detail/CVE-2018-1000021",
"https://public-inbox.org/git/20180205204312.GB104086@aiede.svl.corp.google.com/",
"https://www.cve.org/CVERecord?id=CVE-2018-1000021"
],
"PublishedDate": "2018-02-09T23:29:00.557Z",
"LastModifiedDate": "2018-03-06T19:34:06.18Z"
},
{
"VulnerabilityID": "CVE-2018-1000021",
"PkgID": "git-man@1:2.34.1-1ubuntu1.10",
"PkgName": "git-man",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/git-man@2.34.1-1ubuntu1.10?arch=all\u0026distro=ubuntu-22.04\u0026epoch=1"
},
"InstalledVersion": "1:2.34.1-1ubuntu1.10",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000021",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands",
"Description": "GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).",
"Severity": "LOW",
"CweIDs": [
"CWE-20"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V2Score": 6.8,
"V3Score": 8.8
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"V3Score": 5
}
},
"References": [
"http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html",
"https://access.redhat.com/security/cve/CVE-2018-1000021",
"https://nvd.nist.gov/vuln/detail/CVE-2018-1000021",
"https://public-inbox.org/git/20180205204312.GB104086@aiede.svl.corp.google.com/",
"https://www.cve.org/CVERecord?id=CVE-2018-1000021"
],
"PublishedDate": "2018-02-09T23:29:00.557Z",
"LastModifiedDate": "2018-03-06T19:34:06.18Z"
},
{
"VulnerabilityID": "CVE-2022-3219",
"PkgID": "gnupg@2.2.27-3ubuntu2.1",
"PkgName": "gnupg",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gnupg@2.2.27-3ubuntu2.1?arch=all\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.2.27-3ubuntu2.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "denial of service issue (resource consumption) using compressed packets",
"Description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3219",
"https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
"https://dev.gnupg.org/D556",
"https://dev.gnupg.org/T5993",
"https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3219",
"https://security.netapp.com/advisory/ntap-20230324-0001/",
"https://www.cve.org/CVERecord?id=CVE-2022-3219"
],
"PublishedDate": "2023-02-23T20:15:12.393Z",
"LastModifiedDate": "2023-05-26T16:31:34.07Z"
},
{
"VulnerabilityID": "CVE-2022-3219",
"PkgID": "gnupg-l10n@2.2.27-3ubuntu2.1",
"PkgName": "gnupg-l10n",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gnupg-l10n@2.2.27-3ubuntu2.1?arch=all\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.2.27-3ubuntu2.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "denial of service issue (resource consumption) using compressed packets",
"Description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3219",
"https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
"https://dev.gnupg.org/D556",
"https://dev.gnupg.org/T5993",
"https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3219",
"https://security.netapp.com/advisory/ntap-20230324-0001/",
"https://www.cve.org/CVERecord?id=CVE-2022-3219"
],
"PublishedDate": "2023-02-23T20:15:12.393Z",
"LastModifiedDate": "2023-05-26T16:31:34.07Z"
},
{
"VulnerabilityID": "CVE-2022-3219",
"PkgID": "gnupg-utils@2.2.27-3ubuntu2.1",
"PkgName": "gnupg-utils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gnupg-utils@2.2.27-3ubuntu2.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.2.27-3ubuntu2.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "denial of service issue (resource consumption) using compressed packets",
"Description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3219",
"https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
"https://dev.gnupg.org/D556",
"https://dev.gnupg.org/T5993",
"https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3219",
"https://security.netapp.com/advisory/ntap-20230324-0001/",
"https://www.cve.org/CVERecord?id=CVE-2022-3219"
],
"PublishedDate": "2023-02-23T20:15:12.393Z",
"LastModifiedDate": "2023-05-26T16:31:34.07Z"
},
{
"VulnerabilityID": "CVE-2022-3219",
"PkgID": "gnupg2@2.2.27-3ubuntu2.1",
"PkgName": "gnupg2",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gnupg2@2.2.27-3ubuntu2.1?arch=all\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.2.27-3ubuntu2.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "denial of service issue (resource consumption) using compressed packets",
"Description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3219",
"https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
"https://dev.gnupg.org/D556",
"https://dev.gnupg.org/T5993",
"https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3219",
"https://security.netapp.com/advisory/ntap-20230324-0001/",
"https://www.cve.org/CVERecord?id=CVE-2022-3219"
],
"PublishedDate": "2023-02-23T20:15:12.393Z",
"LastModifiedDate": "2023-05-26T16:31:34.07Z"
},
{
"VulnerabilityID": "CVE-2022-3219",
"PkgID": "gpg@2.2.27-3ubuntu2.1",
"PkgName": "gpg",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gpg@2.2.27-3ubuntu2.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.2.27-3ubuntu2.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "denial of service issue (resource consumption) using compressed packets",
"Description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3219",
"https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
"https://dev.gnupg.org/D556",
"https://dev.gnupg.org/T5993",
"https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3219",
"https://security.netapp.com/advisory/ntap-20230324-0001/",
"https://www.cve.org/CVERecord?id=CVE-2022-3219"
],
"PublishedDate": "2023-02-23T20:15:12.393Z",
"LastModifiedDate": "2023-05-26T16:31:34.07Z"
},
{
"VulnerabilityID": "CVE-2022-3219",
"PkgID": "gpg-agent@2.2.27-3ubuntu2.1",
"PkgName": "gpg-agent",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gpg-agent@2.2.27-3ubuntu2.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.2.27-3ubuntu2.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "denial of service issue (resource consumption) using compressed packets",
"Description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3219",
"https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
"https://dev.gnupg.org/D556",
"https://dev.gnupg.org/T5993",
"https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3219",
"https://security.netapp.com/advisory/ntap-20230324-0001/",
"https://www.cve.org/CVERecord?id=CVE-2022-3219"
],
"PublishedDate": "2023-02-23T20:15:12.393Z",
"LastModifiedDate": "2023-05-26T16:31:34.07Z"
},
{
"VulnerabilityID": "CVE-2022-3219",
"PkgID": "gpg-wks-client@2.2.27-3ubuntu2.1",
"PkgName": "gpg-wks-client",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gpg-wks-client@2.2.27-3ubuntu2.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.2.27-3ubuntu2.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "denial of service issue (resource consumption) using compressed packets",
"Description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3219",
"https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
"https://dev.gnupg.org/D556",
"https://dev.gnupg.org/T5993",
"https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3219",
"https://security.netapp.com/advisory/ntap-20230324-0001/",
"https://www.cve.org/CVERecord?id=CVE-2022-3219"
],
"PublishedDate": "2023-02-23T20:15:12.393Z",
"LastModifiedDate": "2023-05-26T16:31:34.07Z"
},
{
"VulnerabilityID": "CVE-2022-3219",
"PkgID": "gpg-wks-server@2.2.27-3ubuntu2.1",
"PkgName": "gpg-wks-server",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gpg-wks-server@2.2.27-3ubuntu2.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.2.27-3ubuntu2.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "denial of service issue (resource consumption) using compressed packets",
"Description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3219",
"https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
"https://dev.gnupg.org/D556",
"https://dev.gnupg.org/T5993",
"https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3219",
"https://security.netapp.com/advisory/ntap-20230324-0001/",
"https://www.cve.org/CVERecord?id=CVE-2022-3219"
],
"PublishedDate": "2023-02-23T20:15:12.393Z",
"LastModifiedDate": "2023-05-26T16:31:34.07Z"
},
{
"VulnerabilityID": "CVE-2022-3219",
"PkgID": "gpgconf@2.2.27-3ubuntu2.1",
"PkgName": "gpgconf",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gpgconf@2.2.27-3ubuntu2.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.2.27-3ubuntu2.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "denial of service issue (resource consumption) using compressed packets",
"Description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3219",
"https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
"https://dev.gnupg.org/D556",
"https://dev.gnupg.org/T5993",
"https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3219",
"https://security.netapp.com/advisory/ntap-20230324-0001/",
"https://www.cve.org/CVERecord?id=CVE-2022-3219"
],
"PublishedDate": "2023-02-23T20:15:12.393Z",
"LastModifiedDate": "2023-05-26T16:31:34.07Z"
},
{
"VulnerabilityID": "CVE-2022-3219",
"PkgID": "gpgsm@2.2.27-3ubuntu2.1",
"PkgName": "gpgsm",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gpgsm@2.2.27-3ubuntu2.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.2.27-3ubuntu2.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "denial of service issue (resource consumption) using compressed packets",
"Description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3219",
"https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
"https://dev.gnupg.org/D556",
"https://dev.gnupg.org/T5993",
"https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3219",
"https://security.netapp.com/advisory/ntap-20230324-0001/",
"https://www.cve.org/CVERecord?id=CVE-2022-3219"
],
"PublishedDate": "2023-02-23T20:15:12.393Z",
"LastModifiedDate": "2023-05-26T16:31:34.07Z"
},
{
"VulnerabilityID": "CVE-2022-3219",
"PkgID": "gpgv@2.2.27-3ubuntu2.1",
"PkgName": "gpgv",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/gpgv@2.2.27-3ubuntu2.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.2.27-3ubuntu2.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "denial of service issue (resource consumption) using compressed packets",
"Description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3219",
"https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
"https://dev.gnupg.org/D556",
"https://dev.gnupg.org/T5993",
"https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3219",
"https://security.netapp.com/advisory/ntap-20230324-0001/",
"https://www.cve.org/CVERecord?id=CVE-2022-3219"
],
"PublishedDate": "2023-02-23T20:15:12.393Z",
"LastModifiedDate": "2023-05-26T16:31:34.07Z"
},
{
"VulnerabilityID": "CVE-2021-3826",
"PkgID": "libasan6@11.4.0-1ubuntu1~22.04",
"PkgName": "libasan6",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libasan6@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3826",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c",
"Description": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
"Severity": "LOW",
"CweIDs": [
"CWE-119",
"CWE-787"
],
"VendorSeverity": {
"alma": 1,
"nvd": 2,
"oracle-oval": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2023:6372",
"https://access.redhat.com/security/cve/CVE-2021-3826",
"https://bugzilla.redhat.com/2122627",
"https://errata.almalinux.org/9/ALSA-2023-6372.html",
"https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
"https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505",
"https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
"https://linux.oracle.com/cve/CVE-2021-3826.html",
"https://linux.oracle.com/errata/ELSA-2023-6372.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-3826",
"https://www.cve.org/CVERecord?id=CVE-2021-3826"
],
"PublishedDate": "2022-09-01T21:15:08.843Z",
"LastModifiedDate": "2024-01-22T15:01:35.15Z"
},
{
"VulnerabilityID": "CVE-2021-46195",
"PkgID": "libasan6@11.4.0-1ubuntu1~22.04",
"PkgName": "libasan6",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libasan6@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46195",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "uncontrolled recursion in libiberty/rust-demangle.c",
"Description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"alma": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2022:8415",
"https://access.redhat.com/security/cve/CVE-2021-46195",
"https://bugzilla.redhat.com/2046300",
"https://errata.almalinux.org/9/ALSA-2022-8415.html",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841",
"https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab",
"https://linux.oracle.com/cve/CVE-2021-46195.html",
"https://linux.oracle.com/errata/ELSA-2022-8415.html",
"https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
"https://www.cve.org/CVERecord?id=CVE-2021-46195"
],
"PublishedDate": "2022-01-14T20:15:15.6Z",
"LastModifiedDate": "2022-01-22T01:38:12.167Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libasan6@11.4.0-1ubuntu1~22.04",
"PkgName": "libasan6",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libasan6@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libatomic1@12.3.0-1ubuntu1~22.04",
"PkgName": "libatomic1",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libatomic1@12.3.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "12.3.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2017-13716",
"PkgID": "libbinutils@2.38-4ubuntu2.6",
"PkgName": "libbinutils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
"Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 7.1,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2017-13716",
"https://nvd.nist.gov/vuln/detail/CVE-2017-13716",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22009",
"https://www.cve.org/CVERecord?id=CVE-2017-13716"
],
"PublishedDate": "2017-08-28T21:29:00.293Z",
"LastModifiedDate": "2019-10-03T00:03:26.223Z"
},
{
"VulnerabilityID": "CVE-2018-20657",
"PkgID": "libbinutils@2.38-4ubuntu2.6",
"PkgName": "libbinutils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
"Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
"Severity": "LOW",
"CweIDs": [
"CWE-772"
],
"VendorSeverity": {
"nvd": 3,
"oracle-oval": 1,
"photon": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://www.securityfocus.com/bid/106444",
"https://access.redhat.com/errata/RHSA-2019:3352",
"https://access.redhat.com/security/cve/CVE-2018-20657",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
"https://linux.oracle.com/cve/CVE-2018-20657.html",
"https://linux.oracle.com/errata/ELSA-2019-3352.html",
"https://nvd.nist.gov/vuln/detail/CVE-2018-20657",
"https://support.f5.com/csp/article/K62602089",
"https://www.cve.org/CVERecord?id=CVE-2018-20657"
],
"PublishedDate": "2019-01-02T14:29:00.313Z",
"LastModifiedDate": "2019-11-06T01:15:17.87Z"
},
{
"VulnerabilityID": "CVE-2019-1010204",
"PkgID": "libbinutils@2.38-4ubuntu2.6",
"PkgName": "libbinutils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
"Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
"Severity": "LOW",
"CweIDs": [
"CWE-125",
"CWE-681"
],
"VendorSeverity": {
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2019-1010204",
"https://linux.oracle.com/cve/CVE-2019-1010204.html",
"https://linux.oracle.com/errata/ELSA-2020-1797.html",
"https://nvd.nist.gov/vuln/detail/CVE-2019-1010204",
"https://security.netapp.com/advisory/ntap-20190822-0001/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
"https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026amp%3Butm_medium=RSS",
"https://ubuntu.com/security/notices/USN-5349-1",
"https://www.cve.org/CVERecord?id=CVE-2019-1010204"
],
"PublishedDate": "2019-07-23T14:15:13.373Z",
"LastModifiedDate": "2023-11-07T03:02:17.51Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libbinutils@2.38-4ubuntu2.6",
"PkgName": "libbinutils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2022-48064",
"PkgID": "libbinutils@2.38-4ubuntu2.6",
"PkgName": "libbinutils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48064",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c",
"Description": "GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-48064",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
"https://security.netapp.com/advisory/ntap-20231006-0008/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=29922",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931",
"https://www.cve.org/CVERecord?id=CVE-2022-48064"
],
"PublishedDate": "2023-08-22T19:16:30.937Z",
"LastModifiedDate": "2023-11-07T03:56:28.11Z"
},
{
"VulnerabilityID": "CVE-2016-20013",
"PkgID": "libc-bin@2.35-0ubuntu3.6",
"PkgName": "libc-bin",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.35-0ubuntu3.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-20013",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Description": "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"nvd": 3,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
}
},
"References": [
"https://akkadia.org/drepper/SHA-crypt.txt",
"https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/",
"https://twitter.com/solardiz/status/795601240151457793",
"https://www.cve.org/CVERecord?id=CVE-2016-20013"
],
"PublishedDate": "2022-02-19T05:15:09.413Z",
"LastModifiedDate": "2022-03-03T16:43:19.667Z"
},
{
"VulnerabilityID": "CVE-2016-20013",
"PkgID": "libc-dev-bin@2.35-0ubuntu3.6",
"PkgName": "libc-dev-bin",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libc-dev-bin@2.35-0ubuntu3.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.35-0ubuntu3.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-20013",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Description": "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"nvd": 3,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
}
},
"References": [
"https://akkadia.org/drepper/SHA-crypt.txt",
"https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/",
"https://twitter.com/solardiz/status/795601240151457793",
"https://www.cve.org/CVERecord?id=CVE-2016-20013"
],
"PublishedDate": "2022-02-19T05:15:09.413Z",
"LastModifiedDate": "2022-03-03T16:43:19.667Z"
},
{
"VulnerabilityID": "CVE-2016-20013",
"PkgID": "libc-devtools@2.35-0ubuntu3.6",
"PkgName": "libc-devtools",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libc-devtools@2.35-0ubuntu3.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.35-0ubuntu3.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-20013",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Description": "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"nvd": 3,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
}
},
"References": [
"https://akkadia.org/drepper/SHA-crypt.txt",
"https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/",
"https://twitter.com/solardiz/status/795601240151457793",
"https://www.cve.org/CVERecord?id=CVE-2016-20013"
],
"PublishedDate": "2022-02-19T05:15:09.413Z",
"LastModifiedDate": "2022-03-03T16:43:19.667Z"
},
{
"VulnerabilityID": "CVE-2016-20013",
"PkgID": "libc6@2.35-0ubuntu3.6",
"PkgName": "libc6",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.35-0ubuntu3.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-20013",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Description": "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"nvd": 3,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
}
},
"References": [
"https://akkadia.org/drepper/SHA-crypt.txt",
"https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/",
"https://twitter.com/solardiz/status/795601240151457793",
"https://www.cve.org/CVERecord?id=CVE-2016-20013"
],
"PublishedDate": "2022-02-19T05:15:09.413Z",
"LastModifiedDate": "2022-03-03T16:43:19.667Z"
},
{
"VulnerabilityID": "CVE-2016-20013",
"PkgID": "libc6-dev@2.35-0ubuntu3.6",
"PkgName": "libc6-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libc6-dev@2.35-0ubuntu3.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.35-0ubuntu3.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-20013",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Description": "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"nvd": 3,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
}
},
"References": [
"https://akkadia.org/drepper/SHA-crypt.txt",
"https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/",
"https://twitter.com/solardiz/status/795601240151457793",
"https://www.cve.org/CVERecord?id=CVE-2016-20013"
],
"PublishedDate": "2022-02-19T05:15:09.413Z",
"LastModifiedDate": "2022-03-03T16:43:19.667Z"
},
{
"VulnerabilityID": "CVE-2017-13716",
"PkgID": "libctf-nobfd0@2.38-4ubuntu2.6",
"PkgName": "libctf-nobfd0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
"Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 7.1,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2017-13716",
"https://nvd.nist.gov/vuln/detail/CVE-2017-13716",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22009",
"https://www.cve.org/CVERecord?id=CVE-2017-13716"
],
"PublishedDate": "2017-08-28T21:29:00.293Z",
"LastModifiedDate": "2019-10-03T00:03:26.223Z"
},
{
"VulnerabilityID": "CVE-2018-20657",
"PkgID": "libctf-nobfd0@2.38-4ubuntu2.6",
"PkgName": "libctf-nobfd0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
"Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
"Severity": "LOW",
"CweIDs": [
"CWE-772"
],
"VendorSeverity": {
"nvd": 3,
"oracle-oval": 1,
"photon": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://www.securityfocus.com/bid/106444",
"https://access.redhat.com/errata/RHSA-2019:3352",
"https://access.redhat.com/security/cve/CVE-2018-20657",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
"https://linux.oracle.com/cve/CVE-2018-20657.html",
"https://linux.oracle.com/errata/ELSA-2019-3352.html",
"https://nvd.nist.gov/vuln/detail/CVE-2018-20657",
"https://support.f5.com/csp/article/K62602089",
"https://www.cve.org/CVERecord?id=CVE-2018-20657"
],
"PublishedDate": "2019-01-02T14:29:00.313Z",
"LastModifiedDate": "2019-11-06T01:15:17.87Z"
},
{
"VulnerabilityID": "CVE-2019-1010204",
"PkgID": "libctf-nobfd0@2.38-4ubuntu2.6",
"PkgName": "libctf-nobfd0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
"Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
"Severity": "LOW",
"CweIDs": [
"CWE-125",
"CWE-681"
],
"VendorSeverity": {
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2019-1010204",
"https://linux.oracle.com/cve/CVE-2019-1010204.html",
"https://linux.oracle.com/errata/ELSA-2020-1797.html",
"https://nvd.nist.gov/vuln/detail/CVE-2019-1010204",
"https://security.netapp.com/advisory/ntap-20190822-0001/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
"https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026amp%3Butm_medium=RSS",
"https://ubuntu.com/security/notices/USN-5349-1",
"https://www.cve.org/CVERecord?id=CVE-2019-1010204"
],
"PublishedDate": "2019-07-23T14:15:13.373Z",
"LastModifiedDate": "2023-11-07T03:02:17.51Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libctf-nobfd0@2.38-4ubuntu2.6",
"PkgName": "libctf-nobfd0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2022-48064",
"PkgID": "libctf-nobfd0@2.38-4ubuntu2.6",
"PkgName": "libctf-nobfd0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48064",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c",
"Description": "GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-48064",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
"https://security.netapp.com/advisory/ntap-20231006-0008/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=29922",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931",
"https://www.cve.org/CVERecord?id=CVE-2022-48064"
],
"PublishedDate": "2023-08-22T19:16:30.937Z",
"LastModifiedDate": "2023-11-07T03:56:28.11Z"
},
{
"VulnerabilityID": "CVE-2017-13716",
"PkgID": "libctf0@2.38-4ubuntu2.6",
"PkgName": "libctf0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
"Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 7.1,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2017-13716",
"https://nvd.nist.gov/vuln/detail/CVE-2017-13716",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22009",
"https://www.cve.org/CVERecord?id=CVE-2017-13716"
],
"PublishedDate": "2017-08-28T21:29:00.293Z",
"LastModifiedDate": "2019-10-03T00:03:26.223Z"
},
{
"VulnerabilityID": "CVE-2018-20657",
"PkgID": "libctf0@2.38-4ubuntu2.6",
"PkgName": "libctf0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
"Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
"Severity": "LOW",
"CweIDs": [
"CWE-772"
],
"VendorSeverity": {
"nvd": 3,
"oracle-oval": 1,
"photon": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://www.securityfocus.com/bid/106444",
"https://access.redhat.com/errata/RHSA-2019:3352",
"https://access.redhat.com/security/cve/CVE-2018-20657",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
"https://linux.oracle.com/cve/CVE-2018-20657.html",
"https://linux.oracle.com/errata/ELSA-2019-3352.html",
"https://nvd.nist.gov/vuln/detail/CVE-2018-20657",
"https://support.f5.com/csp/article/K62602089",
"https://www.cve.org/CVERecord?id=CVE-2018-20657"
],
"PublishedDate": "2019-01-02T14:29:00.313Z",
"LastModifiedDate": "2019-11-06T01:15:17.87Z"
},
{
"VulnerabilityID": "CVE-2019-1010204",
"PkgID": "libctf0@2.38-4ubuntu2.6",
"PkgName": "libctf0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
"Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
"Severity": "LOW",
"CweIDs": [
"CWE-125",
"CWE-681"
],
"VendorSeverity": {
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2019-1010204",
"https://linux.oracle.com/cve/CVE-2019-1010204.html",
"https://linux.oracle.com/errata/ELSA-2020-1797.html",
"https://nvd.nist.gov/vuln/detail/CVE-2019-1010204",
"https://security.netapp.com/advisory/ntap-20190822-0001/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
"https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026amp%3Butm_medium=RSS",
"https://ubuntu.com/security/notices/USN-5349-1",
"https://www.cve.org/CVERecord?id=CVE-2019-1010204"
],
"PublishedDate": "2019-07-23T14:15:13.373Z",
"LastModifiedDate": "2023-11-07T03:02:17.51Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libctf0@2.38-4ubuntu2.6",
"PkgName": "libctf0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2022-48064",
"PkgID": "libctf0@2.38-4ubuntu2.6",
"PkgName": "libctf0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.6?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.38-4ubuntu2.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48064",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c",
"Description": "GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.",
"Severity": "LOW",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-48064",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
"https://security.netapp.com/advisory/ntap-20231006-0008/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=29922",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931",
"https://www.cve.org/CVERecord?id=CVE-2022-48064"
],
"PublishedDate": "2023-08-22T19:16:30.937Z",
"LastModifiedDate": "2023-11-07T03:56:28.11Z"
},
{
"VulnerabilityID": "CVE-2021-3826",
"PkgID": "libgcc-11-dev@11.4.0-1ubuntu1~22.04",
"PkgName": "libgcc-11-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libgcc-11-dev@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3826",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c",
"Description": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
"Severity": "LOW",
"CweIDs": [
"CWE-119",
"CWE-787"
],
"VendorSeverity": {
"alma": 1,
"nvd": 2,
"oracle-oval": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2023:6372",
"https://access.redhat.com/security/cve/CVE-2021-3826",
"https://bugzilla.redhat.com/2122627",
"https://errata.almalinux.org/9/ALSA-2023-6372.html",
"https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
"https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505",
"https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
"https://linux.oracle.com/cve/CVE-2021-3826.html",
"https://linux.oracle.com/errata/ELSA-2023-6372.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-3826",
"https://www.cve.org/CVERecord?id=CVE-2021-3826"
],
"PublishedDate": "2022-09-01T21:15:08.843Z",
"LastModifiedDate": "2024-01-22T15:01:35.15Z"
},
{
"VulnerabilityID": "CVE-2021-46195",
"PkgID": "libgcc-11-dev@11.4.0-1ubuntu1~22.04",
"PkgName": "libgcc-11-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libgcc-11-dev@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46195",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "uncontrolled recursion in libiberty/rust-demangle.c",
"Description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"alma": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2022:8415",
"https://access.redhat.com/security/cve/CVE-2021-46195",
"https://bugzilla.redhat.com/2046300",
"https://errata.almalinux.org/9/ALSA-2022-8415.html",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841",
"https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab",
"https://linux.oracle.com/cve/CVE-2021-46195.html",
"https://linux.oracle.com/errata/ELSA-2022-8415.html",
"https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
"https://www.cve.org/CVERecord?id=CVE-2021-46195"
],
"PublishedDate": "2022-01-14T20:15:15.6Z",
"LastModifiedDate": "2022-01-22T01:38:12.167Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libgcc-11-dev@11.4.0-1ubuntu1~22.04",
"PkgName": "libgcc-11-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libgcc-11-dev@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libgcc-s1@12.3.0-1ubuntu1~22.04",
"PkgName": "libgcc-s1",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "12.3.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2024-2236",
"PkgID": "libgcrypt20@1.9.4-3ubuntu3",
"PkgName": "libgcrypt20",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libgcrypt20@1.9.4-3ubuntu3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.9.4-3ubuntu3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libgcrypt: vulnerable to Marvin Attack",
"Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-208"
],
"VendorSeverity": {
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-2236",
"https://bugzilla.redhat.com/show_bug.cgi?id=2268268",
"https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt",
"https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html",
"https://nvd.nist.gov/vuln/detail/CVE-2024-2236",
"https://www.cve.org/CVERecord?id=CVE-2024-2236"
],
"PublishedDate": "2024-03-06T22:15:57.977Z",
"LastModifiedDate": "2024-03-07T13:52:27.11Z"
},
{
"VulnerabilityID": "CVE-2021-40812",
"PkgID": "libgd3@2.3.0-2ubuntu2",
"PkgName": "libgd3",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libgd3@2.3.0-2ubuntu2?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.3.0-2ubuntu2",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-40812",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...",
"Description": "The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.",
"Severity": "LOW",
"CweIDs": [
"CWE-125"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"photon": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 6.5
}
},
"References": [
"https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9",
"https://github.com/libgd/libgd/issues/750#issuecomment-914872385",
"https://github.com/libgd/libgd/issues/757",
"https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html",
"https://nvd.nist.gov/vuln/detail/CVE-2021-40812",
"https://www.cve.org/CVERecord?id=CVE-2021-40812"
],
"PublishedDate": "2021-09-08T21:15:14.083Z",
"LastModifiedDate": "2024-04-07T01:17:53.437Z"
},
{
"VulnerabilityID": "CVE-2024-28834",
"PkgID": "libgnutls30@3.7.3-4ubuntu1.4",
"PkgName": "libgnutls30",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libgnutls30@3.7.3-4ubuntu1.4?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "3.7.3-4ubuntu1.4",
"FixedVersion": "3.7.3-4ubuntu1.5",
"Status": "fixed",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28834",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "gnutls: vulnerable to Minerva side-channel information leak",
"Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"alma": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2024:1784",
"https://access.redhat.com/security/cve/CVE-2024-28834",
"https://bugzilla.redhat.com/2269228",
"https://bugzilla.redhat.com/show_bug.cgi?id=2269228",
"https://errata.almalinux.org/8/ALSA-2024-1784.html",
"https://linux.oracle.com/cve/CVE-2024-28834.html",
"https://linux.oracle.com/errata/ELSA-2024-1784.html",
"https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html",
"https://nvd.nist.gov/vuln/detail/CVE-2024-28834",
"https://people.redhat.com/~hkario/marvin/",
"https://ubuntu.com/security/notices/USN-6733-1",
"https://www.cve.org/CVERecord?id=CVE-2024-28834",
"https://www.gnutls.org/security-new.html#GNUTLS-SA-2023-12-04"
],
"PublishedDate": "2024-03-21T14:15:07.547Z",
"LastModifiedDate": "2024-04-11T23:15:09.37Z"
},
{
"VulnerabilityID": "CVE-2024-28835",
"PkgID": "libgnutls30@3.7.3-4ubuntu1.4",
"PkgName": "libgnutls30",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libgnutls30@3.7.3-4ubuntu1.4?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "3.7.3-4ubuntu1.4",
"FixedVersion": "3.7.3-4ubuntu1.5",
"Status": "fixed",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28835",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "gnutls: potential crash during chain building/verification",
"Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-248"
],
"VendorSeverity": {
"photon": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-28835",
"https://bugzilla.redhat.com/show_bug.cgi?id=2269084",
"https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html",
"https://nvd.nist.gov/vuln/detail/CVE-2024-28835",
"https://ubuntu.com/security/notices/USN-6733-1",
"https://www.cve.org/CVERecord?id=CVE-2024-28835",
"https://www.gnutls.org/security-new.html#GNUTLS-SA-2024-01-23"
],
"PublishedDate": "2024-03-21T06:15:45.113Z",
"LastModifiedDate": "2024-03-21T12:58:51.093Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libgomp1@12.3.0-1ubuntu1~22.04",
"PkgName": "libgomp1",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libgomp1@12.3.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "12.3.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2024-26458",
"PkgID": "libgssapi-krb5-2@1.19.2-2ubuntu0.3",
"PkgName": "libgssapi-krb5-2",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libgssapi-krb5-2@1.19.2-2ubuntu0.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.19.2-2ubuntu0.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26458",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c",
"Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26458",
"https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
"https://www.cve.org/CVERecord?id=CVE-2024-26458"
],
"PublishedDate": "2024-02-29T01:44:18.78Z",
"LastModifiedDate": "2024-02-29T13:49:29.39Z"
},
{
"VulnerabilityID": "CVE-2024-26461",
"PkgID": "libgssapi-krb5-2@1.19.2-2ubuntu0.3",
"PkgName": "libgssapi-krb5-2",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libgssapi-krb5-2@1.19.2-2ubuntu0.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.19.2-2ubuntu0.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26461",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c",
"Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26461",
"https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
"https://www.cve.org/CVERecord?id=CVE-2024-26461"
],
"PublishedDate": "2024-02-29T01:44:18.82Z",
"LastModifiedDate": "2024-02-29T13:49:29.39Z"
},
{
"VulnerabilityID": "CVE-2024-26462",
"PkgID": "libgssapi-krb5-2@1.19.2-2ubuntu0.3",
"PkgName": "libgssapi-krb5-2",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libgssapi-krb5-2@1.19.2-2ubuntu0.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.19.2-2ubuntu0.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26462",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "krb5: Memory leak at /krb5/src/kdc/ndr.c",
"Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26462",
"https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26462",
"https://www.cve.org/CVERecord?id=CVE-2024-26462"
],
"PublishedDate": "2024-02-29T01:44:18.857Z",
"LastModifiedDate": "2024-02-29T13:49:29.39Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libhwasan0@12.3.0-1ubuntu1~22.04",
"PkgName": "libhwasan0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libhwasan0@12.3.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "12.3.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libitm1@12.3.0-1ubuntu1~22.04",
"PkgName": "libitm1",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libitm1@12.3.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "12.3.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2024-26458",
"PkgID": "libk5crypto3@1.19.2-2ubuntu0.3",
"PkgName": "libk5crypto3",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libk5crypto3@1.19.2-2ubuntu0.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.19.2-2ubuntu0.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26458",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c",
"Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26458",
"https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
"https://www.cve.org/CVERecord?id=CVE-2024-26458"
],
"PublishedDate": "2024-02-29T01:44:18.78Z",
"LastModifiedDate": "2024-02-29T13:49:29.39Z"
},
{
"VulnerabilityID": "CVE-2024-26461",
"PkgID": "libk5crypto3@1.19.2-2ubuntu0.3",
"PkgName": "libk5crypto3",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libk5crypto3@1.19.2-2ubuntu0.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.19.2-2ubuntu0.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26461",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c",
"Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26461",
"https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
"https://www.cve.org/CVERecord?id=CVE-2024-26461"
],
"PublishedDate": "2024-02-29T01:44:18.82Z",
"LastModifiedDate": "2024-02-29T13:49:29.39Z"
},
{
"VulnerabilityID": "CVE-2024-26462",
"PkgID": "libk5crypto3@1.19.2-2ubuntu0.3",
"PkgName": "libk5crypto3",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libk5crypto3@1.19.2-2ubuntu0.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.19.2-2ubuntu0.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26462",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "krb5: Memory leak at /krb5/src/kdc/ndr.c",
"Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26462",
"https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26462",
"https://www.cve.org/CVERecord?id=CVE-2024-26462"
],
"PublishedDate": "2024-02-29T01:44:18.857Z",
"LastModifiedDate": "2024-02-29T13:49:29.39Z"
},
{
"VulnerabilityID": "CVE-2024-26458",
"PkgID": "libkrb5-3@1.19.2-2ubuntu0.3",
"PkgName": "libkrb5-3",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libkrb5-3@1.19.2-2ubuntu0.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.19.2-2ubuntu0.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26458",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c",
"Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26458",
"https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
"https://www.cve.org/CVERecord?id=CVE-2024-26458"
],
"PublishedDate": "2024-02-29T01:44:18.78Z",
"LastModifiedDate": "2024-02-29T13:49:29.39Z"
},
{
"VulnerabilityID": "CVE-2024-26461",
"PkgID": "libkrb5-3@1.19.2-2ubuntu0.3",
"PkgName": "libkrb5-3",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libkrb5-3@1.19.2-2ubuntu0.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.19.2-2ubuntu0.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26461",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c",
"Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26461",
"https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
"https://www.cve.org/CVERecord?id=CVE-2024-26461"
],
"PublishedDate": "2024-02-29T01:44:18.82Z",
"LastModifiedDate": "2024-02-29T13:49:29.39Z"
},
{
"VulnerabilityID": "CVE-2024-26462",
"PkgID": "libkrb5-3@1.19.2-2ubuntu0.3",
"PkgName": "libkrb5-3",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libkrb5-3@1.19.2-2ubuntu0.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.19.2-2ubuntu0.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26462",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "krb5: Memory leak at /krb5/src/kdc/ndr.c",
"Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26462",
"https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26462",
"https://www.cve.org/CVERecord?id=CVE-2024-26462"
],
"PublishedDate": "2024-02-29T01:44:18.857Z",
"LastModifiedDate": "2024-02-29T13:49:29.39Z"
},
{
"VulnerabilityID": "CVE-2024-26458",
"PkgID": "libkrb5support0@1.19.2-2ubuntu0.3",
"PkgName": "libkrb5support0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libkrb5support0@1.19.2-2ubuntu0.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.19.2-2ubuntu0.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26458",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c",
"Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26458",
"https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
"https://www.cve.org/CVERecord?id=CVE-2024-26458"
],
"PublishedDate": "2024-02-29T01:44:18.78Z",
"LastModifiedDate": "2024-02-29T13:49:29.39Z"
},
{
"VulnerabilityID": "CVE-2024-26461",
"PkgID": "libkrb5support0@1.19.2-2ubuntu0.3",
"PkgName": "libkrb5support0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libkrb5support0@1.19.2-2ubuntu0.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.19.2-2ubuntu0.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26461",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c",
"Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26461",
"https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
"https://www.cve.org/CVERecord?id=CVE-2024-26461"
],
"PublishedDate": "2024-02-29T01:44:18.82Z",
"LastModifiedDate": "2024-02-29T13:49:29.39Z"
},
{
"VulnerabilityID": "CVE-2024-26462",
"PkgID": "libkrb5support0@1.19.2-2ubuntu0.3",
"PkgName": "libkrb5support0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libkrb5support0@1.19.2-2ubuntu0.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.19.2-2ubuntu0.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26462",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "krb5: Memory leak at /krb5/src/kdc/ndr.c",
"Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26462",
"https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26462",
"https://www.cve.org/CVERecord?id=CVE-2024-26462"
],
"PublishedDate": "2024-02-29T01:44:18.857Z",
"LastModifiedDate": "2024-02-29T13:49:29.39Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "liblsan0@12.3.0-1ubuntu1~22.04",
"PkgName": "liblsan0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/liblsan0@12.3.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "12.3.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2020-22916",
"PkgID": "liblzma5@5.2.5-2ubuntu1",
"PkgName": "liblzma5",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/liblzma5@5.2.5-2ubuntu1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.2.5-2ubuntu1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-22916",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Denial of service via decompression of crafted file",
"Description": "An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of \"endless output\" and \"denial of service\" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.",
"Severity": "MEDIUM",
"VendorSeverity": {
"nvd": 2,
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"http://web.archive.org/web/20230918084612/https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability",
"https://access.redhat.com/security/cve/CVE-2020-22916",
"https://bugzilla.redhat.com/show_bug.cgi?id=2234987",
"https://bugzilla.suse.com/show_bug.cgi?id=1214590",
"https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability",
"https://github.com/tukaani-project/xz/issues/61",
"https://nvd.nist.gov/vuln/detail/CVE-2020-22916",
"https://security-tracker.debian.org/tracker/CVE-2020-22916",
"https://tukaani.org/xz/",
"https://www.cve.org/CVERecord?id=CVE-2020-22916"
],
"PublishedDate": "2023-08-22T19:16:19.407Z",
"LastModifiedDate": "2024-04-11T01:07:48.443Z"
},
{
"VulnerabilityID": "CVE-2023-45918",
"PkgID": "libncurses6@6.3-2ubuntu0.1",
"PkgName": "libncurses6",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libncurses6@6.3-2ubuntu0.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "6.3-2ubuntu0.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45918",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinf ...",
"Description": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.",
"Severity": "LOW",
"VendorSeverity": {
"amazon": 2,
"ubuntu": 1
},
"References": [
"https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html",
"https://security.netapp.com/advisory/ntap-20240315-0006/",
"https://www.cve.org/CVERecord?id=CVE-2023-45918"
],
"PublishedDate": "2024-02-16T22:15:07.88Z",
"LastModifiedDate": "2024-03-15T11:15:08.51Z"
},
{
"VulnerabilityID": "CVE-2023-50495",
"PkgID": "libncurses6@6.3-2ubuntu0.1",
"PkgName": "libncurses6",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libncurses6@6.3-2ubuntu0.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "6.3-2ubuntu0.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "ncurses: segmentation fault via _nc_wrap_entry()",
"Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
"Severity": "LOW",
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-50495",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
"https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
"https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
"https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
"https://security.netapp.com/advisory/ntap-20240119-0008/",
"https://ubuntu.com/security/notices/USN-6684-1",
"https://www.cve.org/CVERecord?id=CVE-2023-50495"
],
"PublishedDate": "2023-12-12T15:15:07.867Z",
"LastModifiedDate": "2024-01-31T03:15:08.49Z"
},
{
"VulnerabilityID": "CVE-2023-45918",
"PkgID": "libncursesw6@6.3-2ubuntu0.1",
"PkgName": "libncursesw6",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libncursesw6@6.3-2ubuntu0.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "6.3-2ubuntu0.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45918",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinf ...",
"Description": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.",
"Severity": "LOW",
"VendorSeverity": {
"amazon": 2,
"ubuntu": 1
},
"References": [
"https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html",
"https://security.netapp.com/advisory/ntap-20240315-0006/",
"https://www.cve.org/CVERecord?id=CVE-2023-45918"
],
"PublishedDate": "2024-02-16T22:15:07.88Z",
"LastModifiedDate": "2024-03-15T11:15:08.51Z"
},
{
"VulnerabilityID": "CVE-2023-50495",
"PkgID": "libncursesw6@6.3-2ubuntu0.1",
"PkgName": "libncursesw6",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libncursesw6@6.3-2ubuntu0.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "6.3-2ubuntu0.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "ncurses: segmentation fault via _nc_wrap_entry()",
"Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
"Severity": "LOW",
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-50495",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
"https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
"https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
"https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
"https://security.netapp.com/advisory/ntap-20240119-0008/",
"https://ubuntu.com/security/notices/USN-6684-1",
"https://www.cve.org/CVERecord?id=CVE-2023-50495"
],
"PublishedDate": "2023-12-12T15:15:07.867Z",
"LastModifiedDate": "2024-01-31T03:15:08.49Z"
},
{
"VulnerabilityID": "CVE-2017-11164",
"PkgID": "libpcre3@2:8.39-13ubuntu0.22.04.1",
"PkgName": "libpcre3",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libpcre3@8.39-13ubuntu0.22.04.1?arch=arm64\u0026distro=ubuntu-22.04\u0026epoch=2"
},
"InstalledVersion": "2:8.39-13ubuntu0.22.04.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "OP_KETRMAX feature in the match function in pcre_exec.c",
"Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"nvd": 3,
"photon": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 7.8,
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://openwall.com/lists/oss-security/2017/07/11/3",
"http://www.openwall.com/lists/oss-security/2023/04/11/1",
"http://www.openwall.com/lists/oss-security/2023/04/12/1",
"http://www.securityfocus.com/bid/99575",
"https://access.redhat.com/security/cve/CVE-2017-11164",
"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E",
"https://nvd.nist.gov/vuln/detail/CVE-2017-11164",
"https://www.cve.org/CVERecord?id=CVE-2017-11164"
],
"PublishedDate": "2017-07-11T03:29:00.277Z",
"LastModifiedDate": "2023-11-07T02:38:10.98Z"
},
{
"VulnerabilityID": "CVE-2022-3857",
"PkgID": "libpng16-16@1.6.37-3build5",
"PkgName": "libpng16-16",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libpng16-16@1.6.37-3build5?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.6.37-3build5",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3857",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Null pointer dereference leads to segmentation fault",
"Description": "A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.",
"Severity": "LOW",
"CweIDs": [
"CWE-476"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3857",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3857",
"https://security.netapp.com/advisory/ntap-20230406-0004/",
"https://sourceforge.net/p/libpng/bugs/300/",
"https://www.cve.org/CVERecord?id=CVE-2022-3857"
],
"PublishedDate": "2023-03-06T23:15:11.087Z",
"LastModifiedDate": "2023-04-06T13:15:08.467Z"
},
{
"VulnerabilityID": "CVE-2023-27043",
"PkgID": "libpython3.10@3.10.12-1~22.04.3",
"PkgName": "libpython3.10",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "3.10.12-1~22.04.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27043",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple",
"Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-20"
],
"VendorSeverity": {
"alma": 2,
"amazon": 2,
"bitnami": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 2,
"rocky": 2,
"ubuntu": 2
},
"CVSS": {
"bitnami": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
}
},
"References": [
"http://python.org",
"https://access.redhat.com/articles/7051467",
"https://access.redhat.com/errata/RHSA-2024:0466",
"https://access.redhat.com/security/cve/CVE-2023-27043",
"https://bugzilla.redhat.com/2196183",
"https://bugzilla.redhat.com/show_bug.cgi?id=2196183",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27043",
"https://errata.almalinux.org/9/ALSA-2024-0466.html",
"https://errata.rockylinux.org/RLSA-2024:0256",
"https://github.com/python/cpython/issues/102988",
"https://github.com/python/cpython/pull/102990",
"https://github.com/python/cpython/pull/105127",
"https://linux.oracle.com/cve/CVE-2023-27043.html",
"https://linux.oracle.com/errata/ELSA-2024-0466.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-27043",
"https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html",
"https://security.netapp.com/advisory/ntap-20230601-0003/",
"https://www.cve.org/CVERecord?id=CVE-2023-27043"
],
"PublishedDate": "2023-04-19T00:15:07.973Z",
"LastModifiedDate": "2024-02-26T16:27:45.78Z"
},
{
"VulnerabilityID": "CVE-2023-27043",
"PkgID": "libpython3.10-dev@3.10.12-1~22.04.3",
"PkgName": "libpython3.10-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "3.10.12-1~22.04.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27043",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple",
"Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-20"
],
"VendorSeverity": {
"alma": 2,
"amazon": 2,
"bitnami": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 2,
"rocky": 2,
"ubuntu": 2
},
"CVSS": {
"bitnami": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
}
},
"References": [
"http://python.org",
"https://access.redhat.com/articles/7051467",
"https://access.redhat.com/errata/RHSA-2024:0466",
"https://access.redhat.com/security/cve/CVE-2023-27043",
"https://bugzilla.redhat.com/2196183",
"https://bugzilla.redhat.com/show_bug.cgi?id=2196183",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27043",
"https://errata.almalinux.org/9/ALSA-2024-0466.html",
"https://errata.rockylinux.org/RLSA-2024:0256",
"https://github.com/python/cpython/issues/102988",
"https://github.com/python/cpython/pull/102990",
"https://github.com/python/cpython/pull/105127",
"https://linux.oracle.com/cve/CVE-2023-27043.html",
"https://linux.oracle.com/errata/ELSA-2024-0466.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-27043",
"https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html",
"https://security.netapp.com/advisory/ntap-20230601-0003/",
"https://www.cve.org/CVERecord?id=CVE-2023-27043"
],
"PublishedDate": "2023-04-19T00:15:07.973Z",
"LastModifiedDate": "2024-02-26T16:27:45.78Z"
},
{
"VulnerabilityID": "CVE-2023-27043",
"PkgID": "libpython3.10-minimal@3.10.12-1~22.04.3",
"PkgName": "libpython3.10-minimal",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "3.10.12-1~22.04.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27043",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple",
"Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-20"
],
"VendorSeverity": {
"alma": 2,
"amazon": 2,
"bitnami": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 2,
"rocky": 2,
"ubuntu": 2
},
"CVSS": {
"bitnami": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
}
},
"References": [
"http://python.org",
"https://access.redhat.com/articles/7051467",
"https://access.redhat.com/errata/RHSA-2024:0466",
"https://access.redhat.com/security/cve/CVE-2023-27043",
"https://bugzilla.redhat.com/2196183",
"https://bugzilla.redhat.com/show_bug.cgi?id=2196183",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27043",
"https://errata.almalinux.org/9/ALSA-2024-0466.html",
"https://errata.rockylinux.org/RLSA-2024:0256",
"https://github.com/python/cpython/issues/102988",
"https://github.com/python/cpython/pull/102990",
"https://github.com/python/cpython/pull/105127",
"https://linux.oracle.com/cve/CVE-2023-27043.html",
"https://linux.oracle.com/errata/ELSA-2024-0466.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-27043",
"https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html",
"https://security.netapp.com/advisory/ntap-20230601-0003/",
"https://www.cve.org/CVERecord?id=CVE-2023-27043"
],
"PublishedDate": "2023-04-19T00:15:07.973Z",
"LastModifiedDate": "2024-02-26T16:27:45.78Z"
},
{
"VulnerabilityID": "CVE-2023-27043",
"PkgID": "libpython3.10-stdlib@3.10.12-1~22.04.3",
"PkgName": "libpython3.10-stdlib",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "3.10.12-1~22.04.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27043",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple",
"Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-20"
],
"VendorSeverity": {
"alma": 2,
"amazon": 2,
"bitnami": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 2,
"rocky": 2,
"ubuntu": 2
},
"CVSS": {
"bitnami": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
}
},
"References": [
"http://python.org",
"https://access.redhat.com/articles/7051467",
"https://access.redhat.com/errata/RHSA-2024:0466",
"https://access.redhat.com/security/cve/CVE-2023-27043",
"https://bugzilla.redhat.com/2196183",
"https://bugzilla.redhat.com/show_bug.cgi?id=2196183",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27043",
"https://errata.almalinux.org/9/ALSA-2024-0466.html",
"https://errata.rockylinux.org/RLSA-2024:0256",
"https://github.com/python/cpython/issues/102988",
"https://github.com/python/cpython/pull/102990",
"https://github.com/python/cpython/pull/105127",
"https://linux.oracle.com/cve/CVE-2023-27043.html",
"https://linux.oracle.com/errata/ELSA-2024-0466.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-27043",
"https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html",
"https://security.netapp.com/advisory/ntap-20230601-0003/",
"https://www.cve.org/CVERecord?id=CVE-2023-27043"
],
"PublishedDate": "2023-04-19T00:15:07.973Z",
"LastModifiedDate": "2024-02-26T16:27:45.78Z"
},
{
"VulnerabilityID": "CVE-2021-3826",
"PkgID": "libstdc++-11-dev@11.4.0-1ubuntu1~22.04",
"PkgName": "libstdc++-11-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libstdc%2B%2B-11-dev@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3826",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c",
"Description": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
"Severity": "LOW",
"CweIDs": [
"CWE-119",
"CWE-787"
],
"VendorSeverity": {
"alma": 1,
"nvd": 2,
"oracle-oval": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2023:6372",
"https://access.redhat.com/security/cve/CVE-2021-3826",
"https://bugzilla.redhat.com/2122627",
"https://errata.almalinux.org/9/ALSA-2023-6372.html",
"https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
"https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505",
"https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
"https://linux.oracle.com/cve/CVE-2021-3826.html",
"https://linux.oracle.com/errata/ELSA-2023-6372.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-3826",
"https://www.cve.org/CVERecord?id=CVE-2021-3826"
],
"PublishedDate": "2022-09-01T21:15:08.843Z",
"LastModifiedDate": "2024-01-22T15:01:35.15Z"
},
{
"VulnerabilityID": "CVE-2021-46195",
"PkgID": "libstdc++-11-dev@11.4.0-1ubuntu1~22.04",
"PkgName": "libstdc++-11-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libstdc%2B%2B-11-dev@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46195",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "uncontrolled recursion in libiberty/rust-demangle.c",
"Description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"alma": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2022:8415",
"https://access.redhat.com/security/cve/CVE-2021-46195",
"https://bugzilla.redhat.com/2046300",
"https://errata.almalinux.org/9/ALSA-2022-8415.html",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841",
"https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab",
"https://linux.oracle.com/cve/CVE-2021-46195.html",
"https://linux.oracle.com/errata/ELSA-2022-8415.html",
"https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
"https://www.cve.org/CVERecord?id=CVE-2021-46195"
],
"PublishedDate": "2022-01-14T20:15:15.6Z",
"LastModifiedDate": "2022-01-22T01:38:12.167Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libstdc++-11-dev@11.4.0-1ubuntu1~22.04",
"PkgName": "libstdc++-11-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libstdc%2B%2B-11-dev@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libstdc++6@12.3.0-1ubuntu1~22.04",
"PkgName": "libstdc++6",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libstdc%2B%2B6@12.3.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "12.3.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2023-7008",
"PkgID": "libsystemd0@249.11-0ubuntu3.12",
"PkgName": "libsystemd0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.12?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "249.11-0ubuntu3.12",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-7008",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes",
"Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.",
"Severity": "LOW",
"CweIDs": [
"CWE-300"
],
"VendorSeverity": {
"amazon": 2,
"cbl-mariner": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"V3Score": 5.9
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-7008",
"https://bugzilla.redhat.com/show_bug.cgi?id=2222261",
"https://bugzilla.redhat.com/show_bug.cgi?id=2222672",
"https://github.com/systemd/systemd/issues/25676",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-7008",
"https://www.cve.org/CVERecord?id=CVE-2023-7008"
],
"PublishedDate": "2023-12-23T13:15:07.573Z",
"LastModifiedDate": "2024-01-27T03:15:07.933Z"
},
{
"VulnerabilityID": "CVE-2018-10126",
"PkgID": "libtiff5@4.3.0-6ubuntu0.8",
"PkgName": "libtiff5",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libtiff5@4.3.0-6ubuntu0.8?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "4.3.0-6ubuntu0.8",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10126",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c",
"Description": "LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.",
"Severity": "LOW",
"CweIDs": [
"CWE-476"
],
"VendorSeverity": {
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://bugzilla.maptools.org/show_bug.cgi?id=2786",
"https://access.redhat.com/security/cve/CVE-2018-10126",
"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E",
"https://nvd.nist.gov/vuln/detail/CVE-2018-10126",
"https://www.cve.org/CVERecord?id=CVE-2018-10126"
],
"PublishedDate": "2018-04-21T21:29:00.29Z",
"LastModifiedDate": "2023-11-07T02:51:16.693Z"
},
{
"VulnerabilityID": "CVE-2023-3164",
"PkgID": "libtiff5@4.3.0-6ubuntu0.8",
"PkgName": "libtiff5",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libtiff5@4.3.0-6ubuntu0.8?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "4.3.0-6ubuntu0.8",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3164",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libtiff: heap-buffer-overflow in extractImageSection()",
"Description": "A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.",
"Severity": "LOW",
"CweIDs": [
"CWE-787",
"CWE-120"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-3164",
"https://bugzilla.redhat.com/show_bug.cgi?id=2213531",
"https://gitlab.com/libtiff/libtiff/-/issues/542",
"https://nvd.nist.gov/vuln/detail/CVE-2023-3164",
"https://www.cve.org/CVERecord?id=CVE-2023-3164"
],
"PublishedDate": "2023-11-02T12:15:09.543Z",
"LastModifiedDate": "2024-03-08T19:38:13.92Z"
},
{
"VulnerabilityID": "CVE-2023-45918",
"PkgID": "libtinfo6@6.3-2ubuntu0.1",
"PkgName": "libtinfo6",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libtinfo6@6.3-2ubuntu0.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "6.3-2ubuntu0.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45918",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinf ...",
"Description": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.",
"Severity": "LOW",
"VendorSeverity": {
"amazon": 2,
"ubuntu": 1
},
"References": [
"https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html",
"https://security.netapp.com/advisory/ntap-20240315-0006/",
"https://www.cve.org/CVERecord?id=CVE-2023-45918"
],
"PublishedDate": "2024-02-16T22:15:07.88Z",
"LastModifiedDate": "2024-03-15T11:15:08.51Z"
},
{
"VulnerabilityID": "CVE-2023-50495",
"PkgID": "libtinfo6@6.3-2ubuntu0.1",
"PkgName": "libtinfo6",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libtinfo6@6.3-2ubuntu0.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "6.3-2ubuntu0.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "ncurses: segmentation fault via _nc_wrap_entry()",
"Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
"Severity": "LOW",
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-50495",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
"https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
"https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
"https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
"https://security.netapp.com/advisory/ntap-20240119-0008/",
"https://ubuntu.com/security/notices/USN-6684-1",
"https://www.cve.org/CVERecord?id=CVE-2023-50495"
],
"PublishedDate": "2023-12-12T15:15:07.867Z",
"LastModifiedDate": "2024-01-31T03:15:08.49Z"
},
{
"VulnerabilityID": "CVE-2021-3826",
"PkgID": "libtsan0@11.4.0-1ubuntu1~22.04",
"PkgName": "libtsan0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libtsan0@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3826",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c",
"Description": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
"Severity": "LOW",
"CweIDs": [
"CWE-119",
"CWE-787"
],
"VendorSeverity": {
"alma": 1,
"nvd": 2,
"oracle-oval": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2023:6372",
"https://access.redhat.com/security/cve/CVE-2021-3826",
"https://bugzilla.redhat.com/2122627",
"https://errata.almalinux.org/9/ALSA-2023-6372.html",
"https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
"https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505",
"https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
"https://linux.oracle.com/cve/CVE-2021-3826.html",
"https://linux.oracle.com/errata/ELSA-2023-6372.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-3826",
"https://www.cve.org/CVERecord?id=CVE-2021-3826"
],
"PublishedDate": "2022-09-01T21:15:08.843Z",
"LastModifiedDate": "2024-01-22T15:01:35.15Z"
},
{
"VulnerabilityID": "CVE-2021-46195",
"PkgID": "libtsan0@11.4.0-1ubuntu1~22.04",
"PkgName": "libtsan0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libtsan0@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46195",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "uncontrolled recursion in libiberty/rust-demangle.c",
"Description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"alma": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2022:8415",
"https://access.redhat.com/security/cve/CVE-2021-46195",
"https://bugzilla.redhat.com/2046300",
"https://errata.almalinux.org/9/ALSA-2022-8415.html",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841",
"https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab",
"https://linux.oracle.com/cve/CVE-2021-46195.html",
"https://linux.oracle.com/errata/ELSA-2022-8415.html",
"https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
"https://www.cve.org/CVERecord?id=CVE-2021-46195"
],
"PublishedDate": "2022-01-14T20:15:15.6Z",
"LastModifiedDate": "2022-01-22T01:38:12.167Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libtsan0@11.4.0-1ubuntu1~22.04",
"PkgName": "libtsan0",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libtsan0@11.4.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "11.4.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2022-27943",
"PkgID": "libubsan1@12.3.0-1ubuntu1~22.04",
"PkgName": "libubsan1",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libubsan1@12.3.0-1ubuntu1~22.04?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "12.3.0-1ubuntu1~22.04",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
"Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"Severity": "LOW",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-27943",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
"https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
"https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
"https://www.cve.org/CVERecord?id=CVE-2022-27943"
],
"PublishedDate": "2022-03-26T13:15:07.9Z",
"LastModifiedDate": "2023-11-07T03:45:32.64Z"
},
{
"VulnerabilityID": "CVE-2023-7008",
"PkgID": "libudev1@249.11-0ubuntu3.12",
"PkgName": "libudev1",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libudev1@249.11-0ubuntu3.12?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "249.11-0ubuntu3.12",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-7008",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes",
"Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.",
"Severity": "LOW",
"CweIDs": [
"CWE-300"
],
"VendorSeverity": {
"amazon": 2,
"cbl-mariner": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"V3Score": 5.9
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-7008",
"https://bugzilla.redhat.com/show_bug.cgi?id=2222261",
"https://bugzilla.redhat.com/show_bug.cgi?id=2222672",
"https://github.com/systemd/systemd/issues/25676",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-7008",
"https://www.cve.org/CVERecord?id=CVE-2023-7008"
],
"PublishedDate": "2023-12-23T13:15:07.573Z",
"LastModifiedDate": "2024-01-27T03:15:07.933Z"
},
{
"VulnerabilityID": "CVE-2022-4899",
"PkgID": "libzstd1@1.4.8+dfsg-3build1",
"PkgName": "libzstd1",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libzstd1@1.4.8%2Bdfsg-3build1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "1.4.8+dfsg-3build1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4899",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "zstd: mysql: buffer overrun in util.c",
"Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.",
"Severity": "LOW",
"CweIDs": [
"CWE-400"
],
"VendorSeverity": {
"alma": 2,
"amazon": 2,
"cbl-mariner": 3,
"ghsa": 3,
"nvd": 3,
"oracle-oval": 2,
"photon": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2024:1141",
"https://access.redhat.com/security/cve/CVE-2022-4899",
"https://bugzilla.redhat.com/2179864",
"https://bugzilla.redhat.com/2188109",
"https://bugzilla.redhat.com/2188113",
"https://bugzilla.redhat.com/2188115",
"https://bugzilla.redhat.com/2188116",
"https://bugzilla.redhat.com/2188117",
"https://bugzilla.redhat.com/2188118",
"https://bugzilla.redhat.com/2188119",
"https://bugzilla.redhat.com/2188120",
"https://bugzilla.redhat.com/2188121",
"https://bugzilla.redhat.com/2188122",
"https://bugzilla.redhat.com/2188123",
"https://bugzilla.redhat.com/2188124",
"https://bugzilla.redhat.com/2188125",
"https://bugzilla.redhat.com/2188127",
"https://bugzilla.redhat.com/2188128",
"https://bugzilla.redhat.com/2188129",
"https://bugzilla.redhat.com/2188130",
"https://bugzilla.redhat.com/2188131",
"https://bugzilla.redhat.com/2188132",
"https://bugzilla.redhat.com/2224211",
"https://bugzilla.redhat.com/2224212",
"https://bugzilla.redhat.com/2224213",
"https://bugzilla.redhat.com/2224214",
"https://bugzilla.redhat.com/2224215",
"https://bugzilla.redhat.com/2224216",
"https://bugzilla.redhat.com/2224217",
"https://bugzilla.redhat.com/2224218",
"https://bugzilla.redhat.com/2224219",
"https://bugzilla.redhat.com/2224220",
"https://bugzilla.redhat.com/2224221",
"https://bugzilla.redhat.com/2224222",
"https://bugzilla.redhat.com/2245014",
"https://bugzilla.redhat.com/2245015",
"https://bugzilla.redhat.com/2245016",
"https://bugzilla.redhat.com/2245017",
"https://bugzilla.redhat.com/2245018",
"https://bugzilla.redhat.com/2245019",
"https://bugzilla.redhat.com/2245020",
"https://bugzilla.redhat.com/2245021",
"https://bugzilla.redhat.com/2245022",
"https://bugzilla.redhat.com/2245023",
"https://bugzilla.redhat.com/2245024",
"https://bugzilla.redhat.com/2245026",
"https://bugzilla.redhat.com/2245027",
"https://bugzilla.redhat.com/2245028",
"https://bugzilla.redhat.com/2245029",
"https://bugzilla.redhat.com/2245030",
"https://bugzilla.redhat.com/2245031",
"https://bugzilla.redhat.com/2245032",
"https://bugzilla.redhat.com/2245033",
"https://bugzilla.redhat.com/2245034",
"https://bugzilla.redhat.com/2258771",
"https://bugzilla.redhat.com/2258772",
"https://bugzilla.redhat.com/2258773",
"https://bugzilla.redhat.com/2258774",
"https://bugzilla.redhat.com/2258775",
"https://bugzilla.redhat.com/2258776",
"https://bugzilla.redhat.com/2258777",
"https://bugzilla.redhat.com/2258778",
"https://bugzilla.redhat.com/2258779",
"https://bugzilla.redhat.com/2258780",
"https://bugzilla.redhat.com/2258781",
"https://bugzilla.redhat.com/2258782",
"https://bugzilla.redhat.com/2258783",
"https://bugzilla.redhat.com/2258784",
"https://bugzilla.redhat.com/2258785",
"https://bugzilla.redhat.com/2258787",
"https://bugzilla.redhat.com/2258788",
"https://bugzilla.redhat.com/2258789",
"https://bugzilla.redhat.com/2258790",
"https://bugzilla.redhat.com/2258791",
"https://bugzilla.redhat.com/2258792",
"https://bugzilla.redhat.com/2258793",
"https://bugzilla.redhat.com/2258794",
"https://errata.almalinux.org/9/ALSA-2024-1141.html",
"https://github.com/facebook/zstd",
"https://github.com/facebook/zstd/issues/3200",
"https://github.com/facebook/zstd/pull/3220",
"https://github.com/pypa/advisory-database/tree/main/vulns/zstd/PYSEC-2023-121.yaml",
"https://github.com/sergey-dryabzhinsky/python-zstd/commit/c8a619aebdbd6b838fbfef6e19325a70f631a4c6",
"https://linux.oracle.com/cve/CVE-2022-4899.html",
"https://linux.oracle.com/errata/ELSA-2024-1141.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN",
"https://nvd.nist.gov/vuln/detail/CVE-2022-4899",
"https://security.netapp.com/advisory/ntap-20230725-0005",
"https://security.netapp.com/advisory/ntap-20230725-0005/",
"https://www.cve.org/CVERecord?id=CVE-2022-4899"
],
"PublishedDate": "2023-03-31T20:15:07.213Z",
"LastModifiedDate": "2023-11-07T03:59:16.09Z"
},
{
"VulnerabilityID": "CVE-2013-7445",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7445",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects",
"Description": "The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-399"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"V2Score": 7.8
},
"redhat": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V2Score": 4.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2013-7445",
"https://bugzilla.kernel.org/show_bug.cgi?id=60533",
"https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)",
"https://nvd.nist.gov/vuln/detail/CVE-2013-7445",
"https://www.cve.org/CVERecord?id=CVE-2013-7445"
],
"PublishedDate": "2015-10-16T01:59:00.12Z",
"LastModifiedDate": "2015-10-16T16:22:25.587Z"
},
{
"VulnerabilityID": "CVE-2015-8553",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8553",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "CVE-2015-2150 CVE-2015-8553 xen: non-maskable interrupts triggerable by guests (xsa120)",
"Description": "Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"V2Score": 2.1,
"V3Score": 6.5
},
"redhat": {
"V2Vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
"V2Score": 5.2
}
},
"References": [
"http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)",
"http://xenbits.xen.org/xsa/advisory-120.html",
"https://access.redhat.com/security/cve/CVE-2015-8553",
"https://nvd.nist.gov/vuln/detail/CVE-2015-8553",
"https://seclists.org/bugtraq/2019/Aug/18",
"https://www.cve.org/CVERecord?id=CVE-2015-8553",
"https://www.debian.org/security/2019/dsa-4497"
],
"PublishedDate": "2016-04-13T15:59:07.307Z",
"LastModifiedDate": "2019-08-13T23:15:11.203Z"
},
{
"VulnerabilityID": "CVE-2016-8660",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8660",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation",
"Description": "The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a \"page lock order bug in the XFS seek hole/data implementation.\"",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-19"
],
"VendorSeverity": {
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 4.9,
"V3Score": 5.5
},
"redhat": {
"V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 4.7,
"V3Score": 5.5
}
},
"References": [
"http://www.openwall.com/lists/oss-security/2016/10/13/8",
"http://www.securityfocus.com/bid/93558",
"https://access.redhat.com/security/cve/CVE-2016-8660",
"https://bugzilla.redhat.com/show_bug.cgi?id=1384851",
"https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/",
"https://marc.info/?l=linux-fsdevel\u0026m=147639177409294\u0026w=2",
"https://marc.info/?l=linux-xfs\u0026m=149498118228320\u0026w=2",
"https://nvd.nist.gov/vuln/detail/CVE-2016-8660",
"https://www.cve.org/CVERecord?id=CVE-2016-8660"
],
"PublishedDate": "2016-10-16T21:59:14.333Z",
"LastModifiedDate": "2016-11-28T20:41:02.59Z"
},
{
"VulnerabilityID": "CVE-2018-17977",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17977",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service",
"Description": "The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-400"
],
"VendorSeverity": {
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 4.9,
"V3Score": 4.4
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.9
}
},
"References": [
"http://www.securityfocus.com/bid/105539",
"https://access.redhat.com/security/cve/CVE-2018-17977",
"https://bugzilla.suse.com/show_bug.cgi?id=1111609",
"https://nvd.nist.gov/vuln/detail/CVE-2018-17977",
"https://www.cve.org/CVERecord?id=CVE-2018-17977",
"https://www.openwall.com/lists/oss-security/2018/10/05/5"
],
"PublishedDate": "2018-10-08T17:29:00.653Z",
"LastModifiedDate": "2018-11-26T15:51:30.427Z"
},
{
"VulnerabilityID": "CVE-2021-3864",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3864",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: descendant's dumpable setting with certain SUID binaries",
"Description": "A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-284"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2021-3864",
"https://bugzilla.redhat.com/show_bug.cgi?id=2015046",
"https://lore.kernel.org/all/20211221021744.864115-1-longman%40redhat.com/",
"https://lore.kernel.org/all/20211221021744.864115-1-longman@redhat.com",
"https://lore.kernel.org/all/20211226150310.GA992%401wt.eu/",
"https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/",
"https://lore.kernel.org/lkml/20211228170910.623156-1-wander%40redhat.com/",
"https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com",
"https://nvd.nist.gov/vuln/detail/CVE-2021-3864",
"https://security-tracker.debian.org/tracker/CVE-2021-3864",
"https://www.cve.org/CVERecord?id=CVE-2021-3864",
"https://www.openwall.com/lists/oss-security/2021/10/20/2"
],
"PublishedDate": "2022-08-26T16:15:09.68Z",
"LastModifiedDate": "2023-02-12T23:42:51.317Z"
},
{
"VulnerabilityID": "CVE-2021-4095",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-4095",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c",
"Description": "A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-476"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"oracle-oval": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 1.9,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"http://www.openwall.com/lists/oss-security/2022/01/17/1",
"https://access.redhat.com/security/cve/CVE-2021-4095",
"https://bugzilla.redhat.com/show_bug.cgi?id=2031194",
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=55749769fe608fa3f4a075e42e89d237c8e3763",
"https://linux.oracle.com/cve/CVE-2021-4095.html",
"https://linux.oracle.com/errata/ELSA-2022-9534.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV/",
"https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-4095",
"https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/",
"https://seclists.org/oss-sec/2021/q4/157",
"https://www.cve.org/CVERecord?id=CVE-2021-4095"
],
"PublishedDate": "2022-03-10T17:44:53.563Z",
"LastModifiedDate": "2023-11-07T03:40:10.533Z"
},
{
"VulnerabilityID": "CVE-2022-0400",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0400",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: Out of bounds read in the smc protocol stack",
"Description": "An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-125"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 3,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-0400",
"https://bugzilla.redhat.com/show_bug.cgi?id=2040604",
"https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)",
"https://bugzilla.redhat.com/show_bug.cgi?id=2044575",
"https://nvd.nist.gov/vuln/detail/CVE-2022-0400",
"https://www.cve.org/CVERecord?id=CVE-2022-0400"
],
"PublishedDate": "2022-08-29T15:15:09.423Z",
"LastModifiedDate": "2022-09-01T20:18:18.247Z"
},
{
"VulnerabilityID": "CVE-2022-0480",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0480",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion",
"Description": "A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"photon": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-0480",
"https://bugzilla.redhat.com/show_bug.cgi?id=2049700",
"https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)",
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042",
"https://github.com/kata-containers/kata-containers/issues/3373",
"https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/",
"https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-0480",
"https://ubuntu.com/security/CVE-2022-0480",
"https://www.cve.org/CVERecord?id=CVE-2022-0480"
],
"PublishedDate": "2022-08-29T15:15:09.477Z",
"LastModifiedDate": "2023-03-03T18:49:53.213Z"
},
{
"VulnerabilityID": "CVE-2022-0995",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0995",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: kernel bug in the watch_queue subsystem",
"Description": "An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"cbl-mariner": 3,
"nvd": 3,
"photon": 3,
"redhat": 3,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V2Score": 7.2,
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
}
},
"References": [
"http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html",
"http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html",
"https://access.redhat.com/security/cve/CVE-2022-0995",
"https://bugzilla.redhat.com/show_bug.cgi?id=2063786",
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb",
"https://nvd.nist.gov/vuln/detail/CVE-2022-0995",
"https://security.netapp.com/advisory/ntap-20220429-0001/",
"https://www.cve.org/CVERecord?id=CVE-2022-0995"
],
"PublishedDate": "2022-03-25T19:15:10.52Z",
"LastModifiedDate": "2023-11-09T14:44:33.733Z"
},
{
"VulnerabilityID": "CVE-2022-1247",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1247",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "A race condition bug in rose_connect()",
"Description": "An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh-\u003euse to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-362"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-1247",
"https://bugzilla.redhat.com/show_bug.cgi?id=2066799",
"https://lore.kernel.org/all/20220711013111.33183-1-duoming@zju.edu.cn/",
"https://lore.kernel.org/all/cover.1656031586.git.duoming@zju.edu.cn/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-1247",
"https://www.cve.org/CVERecord?id=CVE-2022-1247"
],
"PublishedDate": "2022-08-31T16:15:09.177Z",
"LastModifiedDate": "2022-09-06T19:24:14.887Z"
},
{
"VulnerabilityID": "CVE-2022-25836",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-25836",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Description": "Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-294"
],
"VendorSeverity": {
"nvd": 3,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"V3Score": 7.5
}
},
"References": [
"https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/confusion-in-ble-passkey/",
"https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
"https://www.cve.org/CVERecord?id=CVE-2022-25836"
],
"PublishedDate": "2022-12-12T04:15:09.587Z",
"LastModifiedDate": "2022-12-14T17:53:27.793Z"
},
{
"VulnerabilityID": "CVE-2022-2961",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2961",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "race condition in rose_bind()",
"Description": "A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-362",
"CWE-416"
],
"VendorSeverity": {
"cbl-mariner": 3,
"nvd": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
"V3Score": 6.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-2961",
"https://nvd.nist.gov/vuln/detail/CVE-2022-2961",
"https://security.netapp.com/advisory/ntap-20230214-0004/",
"https://www.cve.org/CVERecord?id=CVE-2022-2961"
],
"PublishedDate": "2022-08-29T15:15:10.81Z",
"LastModifiedDate": "2023-06-28T20:34:05.737Z"
},
{
"VulnerabilityID": "CVE-2022-3238",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3238",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously",
"Description": "A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-415",
"CWE-459"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 6.4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3238",
"https://bugzilla.redhat.com/show_bug.cgi?id=2127927",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3238",
"https://www.cve.org/CVERecord?id=CVE-2022-3238"
],
"PublishedDate": "2022-11-14T21:15:16.163Z",
"LastModifiedDate": "2022-11-17T20:24:18.537Z"
},
{
"VulnerabilityID": "CVE-2022-3523",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3523",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Kernel: race when faulting a device private page in memory manager",
"Description": "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-416",
"CWE-119"
],
"VendorSeverity": {
"amazon": 3,
"nvd": 2,
"oracle-oval": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3523",
"https://git.kernel.org/linus/16ce101db85db694a91380aa4c89b25530871d33",
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16ce101db85db694a91380aa4c89b25530871d33",
"https://linux.oracle.com/cve/CVE-2022-3523.html",
"https://linux.oracle.com/errata/ELSA-2023-6583.html",
"https://lore.kernel.org/all/8735bbuyvs.fsf@nvidia.com/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3523",
"https://vuldb.com/?id.211020",
"https://www.cve.org/CVERecord?id=CVE-2022-3523"
],
"PublishedDate": "2022-10-16T10:15:10.193Z",
"LastModifiedDate": "2023-11-07T03:51:21.797Z"
},
{
"VulnerabilityID": "CVE-2022-38096",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-38096",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query",
"Description": "A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-476"
],
"VendorSeverity": {
"alma": 3,
"cbl-mariner": 2,
"nvd": 2,
"oracle-oval": 3,
"redhat": 2,
"rocky": 3,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2024:1607",
"https://access.redhat.com/security/cve/CVE-2022-38096",
"https://bugzilla.openanolis.cn/show_bug.cgi?id=2073",
"https://bugzilla.redhat.com/2133452",
"https://bugzilla.redhat.com/2252731",
"https://bugzilla.redhat.com/2255498",
"https://bugzilla.redhat.com/2258518",
"https://bugzilla.redhat.com/2259866",
"https://bugzilla.redhat.com/2261976",
"https://bugzilla.redhat.com/2262126",
"https://bugzilla.redhat.com/show_bug.cgi?id=2133452",
"https://bugzilla.redhat.com/show_bug.cgi?id=2252731",
"https://bugzilla.redhat.com/show_bug.cgi?id=2255498",
"https://bugzilla.redhat.com/show_bug.cgi?id=2258518",
"https://bugzilla.redhat.com/show_bug.cgi?id=2259866",
"https://bugzilla.redhat.com/show_bug.cgi?id=2261976",
"https://bugzilla.redhat.com/show_bug.cgi?id=2262126",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33631",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38096",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51042",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6546",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6931",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0565",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1086",
"https://errata.almalinux.org/8/ALSA-2024-1607.html",
"https://errata.rockylinux.org/RLSA-2024:1607",
"https://linux.oracle.com/cve/CVE-2022-38096.html",
"https://linux.oracle.com/errata/ELSA-2024-1607.html",
"https://nvd.nist.gov/vuln/detail/CVE-2022-38096",
"https://www.cve.org/CVERecord?id=CVE-2022-38096"
],
"PublishedDate": "2022-09-09T15:15:14.407Z",
"LastModifiedDate": "2022-09-14T21:18:05.023Z"
},
{
"VulnerabilityID": "CVE-2022-38457",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-38457",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: vmwgfx: use-after-free in vmw_cmd_res_check",
"Description": "A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-416"
],
"VendorSeverity": {
"alma": 3,
"cbl-mariner": 2,
"nvd": 2,
"oracle-oval": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2023:7077",
"https://access.redhat.com/security/cve/CVE-2022-38457",
"https://bugzilla.openanolis.cn/show_bug.cgi?id=2074",
"https://bugzilla.redhat.com/2024989",
"https://bugzilla.redhat.com/2073091",
"https://bugzilla.redhat.com/2133453",
"https://bugzilla.redhat.com/2133455",
"https://bugzilla.redhat.com/2139610",
"https://bugzilla.redhat.com/2147356",
"https://bugzilla.redhat.com/2148520",
"https://bugzilla.redhat.com/2149024",
"https://bugzilla.redhat.com/2151317",
"https://bugzilla.redhat.com/2156322",
"https://bugzilla.redhat.com/2165741",
"https://bugzilla.redhat.com/2165926",
"https://bugzilla.redhat.com/2168332",
"https://bugzilla.redhat.com/2173403",
"https://bugzilla.redhat.com/2173430",
"https://bugzilla.redhat.com/2173434",
"https://bugzilla.redhat.com/2173444",
"https://bugzilla.redhat.com/2174400",
"https://bugzilla.redhat.com/2175903",
"https://bugzilla.redhat.com/2176140",
"https://bugzilla.redhat.com/2177371",
"https://bugzilla.redhat.com/2177389",
"https://bugzilla.redhat.com/2181330",
"https://bugzilla.redhat.com/2182443",
"https://bugzilla.redhat.com/2184578",
"https://bugzilla.redhat.com/2185945",
"https://bugzilla.redhat.com/2187257",
"https://bugzilla.redhat.com/2188468",
"https://bugzilla.redhat.com/2192667",
"https://bugzilla.redhat.com/2192671",
"https://bugzilla.redhat.com/2193097",
"https://bugzilla.redhat.com/2193219",
"https://bugzilla.redhat.com/2213139",
"https://bugzilla.redhat.com/2213199",
"https://bugzilla.redhat.com/2213485",
"https://bugzilla.redhat.com/2213802",
"https://bugzilla.redhat.com/2214348",
"https://bugzilla.redhat.com/2215502",
"https://bugzilla.redhat.com/2215835",
"https://bugzilla.redhat.com/2215836",
"https://bugzilla.redhat.com/2215837",
"https://bugzilla.redhat.com/2218195",
"https://bugzilla.redhat.com/2218212",
"https://bugzilla.redhat.com/2218943",
"https://bugzilla.redhat.com/2221707",
"https://bugzilla.redhat.com/2223949",
"https://bugzilla.redhat.com/2225191",
"https://bugzilla.redhat.com/2225201",
"https://bugzilla.redhat.com/2225511",
"https://bugzilla.redhat.com/2236982",
"https://errata.almalinux.org/8/ALSA-2023-7077.html",
"https://linux.oracle.com/cve/CVE-2022-38457.html",
"https://linux.oracle.com/errata/ELSA-2023-7077.html",
"https://nvd.nist.gov/vuln/detail/CVE-2022-38457",
"https://www.cve.org/CVERecord?id=CVE-2022-38457"
],
"PublishedDate": "2022-09-09T15:15:14.52Z",
"LastModifiedDate": "2023-04-17T16:45:05.667Z"
},
{
"VulnerabilityID": "CVE-2022-40133",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-40133",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context",
"Description": "A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-416"
],
"VendorSeverity": {
"alma": 3,
"cbl-mariner": 2,
"nvd": 2,
"oracle-oval": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2023:7077",
"https://access.redhat.com/security/cve/CVE-2022-40133",
"https://bugzilla.openanolis.cn/show_bug.cgi?id=2075",
"https://bugzilla.redhat.com/2024989",
"https://bugzilla.redhat.com/2073091",
"https://bugzilla.redhat.com/2133453",
"https://bugzilla.redhat.com/2133455",
"https://bugzilla.redhat.com/2139610",
"https://bugzilla.redhat.com/2147356",
"https://bugzilla.redhat.com/2148520",
"https://bugzilla.redhat.com/2149024",
"https://bugzilla.redhat.com/2151317",
"https://bugzilla.redhat.com/2156322",
"https://bugzilla.redhat.com/2165741",
"https://bugzilla.redhat.com/2165926",
"https://bugzilla.redhat.com/2168332",
"https://bugzilla.redhat.com/2173403",
"https://bugzilla.redhat.com/2173430",
"https://bugzilla.redhat.com/2173434",
"https://bugzilla.redhat.com/2173444",
"https://bugzilla.redhat.com/2174400",
"https://bugzilla.redhat.com/2175903",
"https://bugzilla.redhat.com/2176140",
"https://bugzilla.redhat.com/2177371",
"https://bugzilla.redhat.com/2177389",
"https://bugzilla.redhat.com/2181330",
"https://bugzilla.redhat.com/2182443",
"https://bugzilla.redhat.com/2184578",
"https://bugzilla.redhat.com/2185945",
"https://bugzilla.redhat.com/2187257",
"https://bugzilla.redhat.com/2188468",
"https://bugzilla.redhat.com/2192667",
"https://bugzilla.redhat.com/2192671",
"https://bugzilla.redhat.com/2193097",
"https://bugzilla.redhat.com/2193219",
"https://bugzilla.redhat.com/2213139",
"https://bugzilla.redhat.com/2213199",
"https://bugzilla.redhat.com/2213485",
"https://bugzilla.redhat.com/2213802",
"https://bugzilla.redhat.com/2214348",
"https://bugzilla.redhat.com/2215502",
"https://bugzilla.redhat.com/2215835",
"https://bugzilla.redhat.com/2215836",
"https://bugzilla.redhat.com/2215837",
"https://bugzilla.redhat.com/2218195",
"https://bugzilla.redhat.com/2218212",
"https://bugzilla.redhat.com/2218943",
"https://bugzilla.redhat.com/2221707",
"https://bugzilla.redhat.com/2223949",
"https://bugzilla.redhat.com/2225191",
"https://bugzilla.redhat.com/2225201",
"https://bugzilla.redhat.com/2225511",
"https://bugzilla.redhat.com/2236982",
"https://errata.almalinux.org/8/ALSA-2023-7077.html",
"https://linux.oracle.com/cve/CVE-2022-40133.html",
"https://linux.oracle.com/errata/ELSA-2023-7077.html",
"https://nvd.nist.gov/vuln/detail/CVE-2022-40133",
"https://www.cve.org/CVERecord?id=CVE-2022-40133"
],
"PublishedDate": "2022-09-09T15:15:15.137Z",
"LastModifiedDate": "2023-04-17T16:44:56.427Z"
},
{
"VulnerabilityID": "CVE-2022-4543",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4543",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: KASLR Prefetch Bypass Breaks KPTI",
"Description": "A flaw named \"EntryBleed\" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-203",
"CWE-200"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-4543",
"https://nvd.nist.gov/vuln/detail/CVE-2022-4543",
"https://www.cve.org/CVERecord?id=CVE-2022-4543",
"https://www.openwall.com/lists/oss-security/2022/12/16/3",
"https://www.willsroot.io/2022/12/entrybleed.html"
],
"PublishedDate": "2023-01-11T15:15:09.673Z",
"LastModifiedDate": "2023-01-19T18:38:32.673Z"
},
{
"VulnerabilityID": "CVE-2023-0030",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0030",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: Use after Free in nvkm_vmm_pfn_map",
"Description": "A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-416"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-0030",
"https://bugzilla.redhat.com/show_bug.cgi?id=2157270",
"https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)",
"https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10",
"https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/",
"https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-0030",
"https://security.netapp.com/advisory/ntap-20230413-0010/",
"https://www.cve.org/CVERecord?id=CVE-2023-0030"
],
"PublishedDate": "2023-03-08T23:15:10.963Z",
"LastModifiedDate": "2023-04-13T17:15:09.433Z"
},
{
"VulnerabilityID": "CVE-2023-0160",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0160",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "possibility of deadlock in libbpf function sock_hash_delete_elem",
"Description": "A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-667",
"CWE-833"
],
"VendorSeverity": {
"amazon": 3,
"cbl-mariner": 2,
"nvd": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-0160",
"https://bugzilla.redhat.com/show_bug.cgi?id=2159764",
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56",
"https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/",
"https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/",
"https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-0160",
"https://www.cve.org/CVERecord?id=CVE-2023-0160"
],
"PublishedDate": "2023-07-18T17:15:11.313Z",
"LastModifiedDate": "2023-11-07T03:59:46.343Z"
},
{
"VulnerabilityID": "CVE-2023-1193",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1193",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "use-after-free in setup_async_work()",
"Description": "A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-416"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-1193",
"https://bugzilla.redhat.com/show_bug.cgi?id=2154177",
"https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-1193",
"https://www.cve.org/CVERecord?id=CVE-2023-1193"
],
"PublishedDate": "2023-11-01T20:15:08.663Z",
"LastModifiedDate": "2023-11-09T15:13:51.737Z"
},
{
"VulnerabilityID": "CVE-2023-2007",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2007",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "DPT I2O controller TOCTOU information disclosure vulnerability",
"Description": "The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-667",
"CWE-367"
],
"VendorSeverity": {
"cbl-mariner": 3,
"nvd": 3,
"photon": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"V3Score": 6.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-2007",
"https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0",
"https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"https://nvd.nist.gov/vuln/detail/CVE-2023-2007",
"https://security.netapp.com/advisory/ntap-20240119-0011/",
"https://www.cve.org/CVERecord?id=CVE-2023-2007",
"https://www.debian.org/security/2023/dsa-5480",
"https://www.zerodayinitiative.com/advisories/ZDI-23-440/"
],
"PublishedDate": "2023-04-24T23:15:18.877Z",
"LastModifiedDate": "2024-02-01T01:39:22.507Z"
},
{
"VulnerabilityID": "CVE-2023-26242",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-26242",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the ...",
"Description": "afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-190"
],
"VendorSeverity": {
"cbl-mariner": 3,
"nvd": 3,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
}
},
"References": [
"https://bugzilla.suse.com/show_bug.cgi?id=1208518",
"https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-26242",
"https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com",
"https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/",
"https://security.netapp.com/advisory/ntap-20230406-0002/",
"https://www.cve.org/CVERecord?id=CVE-2023-26242"
],
"PublishedDate": "2023-02-21T01:15:11.423Z",
"LastModifiedDate": "2024-03-25T01:15:53.57Z"
},
{
"VulnerabilityID": "CVE-2023-28327",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28327",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: denial of service problem in net/unix/diag.c",
"Description": "A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-476"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"photon": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-28327",
"https://bugzilla.redhat.com/show_bug.cgi?id=2177382",
"https://lore.kernel.org/netdev/CAO4mrffDLiqo3hWRC=uP_E-3VQSV4O=1BiOaS0Z1J0GHLVgzVQ@mail.gmail.com/T/#m3082ca8922ae87cbb9e460a6c65fe09eee2c99b9",
"https://nvd.nist.gov/vuln/detail/CVE-2023-28327",
"https://www.cve.org/CVERecord?id=CVE-2023-28327"
],
"PublishedDate": "2023-04-19T23:15:07.027Z",
"LastModifiedDate": "2023-04-29T03:12:41.973Z"
},
{
"VulnerabilityID": "CVE-2023-31082",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31082",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: sleeping function called from an invalid context in gsmld_write",
"Description": "An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-763"
],
"VendorSeverity": {
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-31082",
"https://bugzilla.suse.com/show_bug.cgi?id=1210781",
"https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/",
"https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-31082",
"https://security.netapp.com/advisory/ntap-20230929-0003/",
"https://www.cve.org/CVERecord?id=CVE-2023-31082"
],
"PublishedDate": "2023-04-24T06:15:07.783Z",
"LastModifiedDate": "2024-03-25T01:15:54.04Z"
},
{
"VulnerabilityID": "CVE-2023-52433",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52433",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: nf_tables: nft_set_rbtree skip sync GC for new elements in this transaction",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: skip sync GC for new elements in this transaction\n\nNew elements in this transaction might expired before such transaction\nends. Skip sync GC for such elements otherwise commit path might walk\nover an already released object. Once transaction is finished, async GC\nwill collect such expired element.",
"Severity": "MEDIUM",
"VendorSeverity": {
"amazon": 3,
"redhat": 2,
"ubuntu": 2
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-52433",
"https://git.kernel.org/linus/2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4 (6.6-rc1)",
"https://git.kernel.org/stable/c/03caf75da1059f0460666c826e9f50e13dfd0017",
"https://git.kernel.org/stable/c/2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4",
"https://git.kernel.org/stable/c/9a8c544158f68f656d1734eb5ba00c4f817b76b1",
"https://git.kernel.org/stable/c/9af7dfb3c9d7985172a240f85e684c5cd33e29ce",
"https://git.kernel.org/stable/c/c323ed65f66e5387ee0a73452118d49f1dae81b8",
"https://git.kernel.org/stable/c/e3213ff99a355cda811b41e8dbb3472d13167a3a",
"https://lore.kernel.org/linux-cve-announce/2024022058-outsell-equator-e1c5@gregkh/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2023-52433",
"https://www.cve.org/CVERecord?id=CVE-2023-52433"
],
"PublishedDate": "2024-02-20T13:15:08.14Z",
"LastModifiedDate": "2024-04-04T14:15:09.057Z"
},
{
"VulnerabilityID": "CVE-2023-52434",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52434",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: smb: client: fix potential OOBs in smb2_parse_contexts()",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential OOBs in smb2_parse_contexts()\n\nValidate offsets and lengths before dereferencing create contexts in\nsmb2_parse_contexts().\n\nThis fixes following oops when accessing invalid create contexts from\nserver:\n\n BUG: unable to handle page fault for address: ffff8881178d8cc3\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 4a01067 P4D 4a01067 PUD 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]\n Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00\n 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 \u003c0f\u003e b7\n 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00\n RSP: 0018:ffffc900007939e0 EFLAGS: 00010216\n RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90\n RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000\n RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000\n R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000\n R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22\n FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x181/0x480\n ? search_module_extables+0x19/0x60\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? exc_page_fault+0x1b6/0x1c0\n ? asm_exc_page_fault+0x26/0x30\n ? smb2_parse_contexts+0xa0/0x3a0 [cifs]\n SMB2_open+0x38d/0x5f0 [cifs]\n ? smb2_is_path_accessible+0x138/0x260 [cifs]\n smb2_is_path_accessible+0x138/0x260 [cifs]\n cifs_is_path_remote+0x8d/0x230 [cifs]\n cifs_mount+0x7e/0x350 [cifs]\n cifs_smb3_do_mount+0x128/0x780 [cifs]\n smb3_get_tree+0xd9/0x290 [cifs]\n vfs_get_tree+0x2c/0x100\n ? capable+0x37/0x70\n path_mount+0x2d7/0xb80\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? _raw_spin_unlock_irqrestore+0x44/0x60\n __x64_sys_mount+0x11a/0x150\n do_syscall_64+0x47/0xf0\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n RIP: 0033:0x7f8737657b1e",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-119"
],
"VendorSeverity": {
"amazon": 3,
"cbl-mariner": 3,
"nvd": 3,
"photon": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-52434",
"https://git.kernel.org/linus/af1689a9b7701d9907dfc84d2a4b57c4bc907144 (6.7-rc6)",
"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=17a0f64cc02d4972e21c733d9f21d1c512963afa",
"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=af1689a9b7701d9907dfc84d2a4b57c4bc907144",
"https://git.kernel.org/stable/c/13fb0fc4917621f3dfa285a27eaf7151d770b5e5",
"https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa",
"https://git.kernel.org/stable/c/1ae3c59355dc9882e09c020afe8ffbd895ad0f29",
"https://git.kernel.org/stable/c/890bc4fac3c0973a49cac35f634579bebba7fe48",
"https://git.kernel.org/stable/c/af1689a9b7701d9907dfc84d2a4b57c4bc907144",
"https://lore.kernel.org/linux-cve-announce/2024022033-makeshift-flammable-cb72@gregkh/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2023-52434",
"https://ubuntu.com/security/notices/USN-6724-1",
"https://www.cve.org/CVERecord?id=CVE-2023-52434"
],
"PublishedDate": "2024-02-20T18:15:50.79Z",
"LastModifiedDate": "2024-03-15T14:21:29.95Z"
},
{
"VulnerabilityID": "CVE-2023-52435",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52435",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: net: prevent mss overflow in skb_segment()",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: prevent mss overflow in skb_segment()\n\nOnce again syzbot is able to crash the kernel in skb_segment() [1]\n\nGSO_BY_FRAGS is a forbidden value, but unfortunately the following\ncomputation in skb_segment() can reach it quite easily :\n\n\tmss = mss * partial_segs;\n\n65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to\na bad final result.\n\nMake sure to limit segmentation so that the new mss value is smaller\nthan GSO_BY_FRAGS.\n\n[1]\n\ngeneral protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0\nR13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046\nFS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\nudp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109\nipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120\nskb_mac_gso_segment+0x290/0x610 net/core/gso.c:53\n__skb_gso_segment+0x339/0x710 net/core/gso.c:124\nskb_gso_segment include/net/gso.h:83 [inline]\nvalidate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626\n__dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\npacket_xmit+0x257/0x380 net/packet/af_packet.c:276\npacket_snd net/packet/af_packet.c:3087 [inline]\npacket_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg+0xd5/0x180 net/socket.c:745\n__sys_sendto+0x255/0x340 net/socket.c:2190\n__do_sys_sendto net/socket.c:2202 [inline]\n__se_sys_sendto net/socket.c:2198 [inline]\n__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\nRIP: 0033:0x7f8692032aa9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9\nRDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003\nRBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480\nR13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003\n\u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R0\n---truncated---",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-119"
],
"VendorSeverity": {
"amazon": 3,
"cbl-mariner": 2,
"nvd": 2,
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-52435",
"https://git.kernel.org/linus/23d05d563b7e7b0314e65c8e882bc27eac2da8e7 (6.7-rc6)",
"https://git.kernel.org/stable/c/23d05d563b7e7b0314e65c8e882bc27eac2da8e7",
"https://git.kernel.org/stable/c/6c53e8547687d9c767c139cd4b50af566f58c29a",
"https://git.kernel.org/stable/c/8f8f185643747fbb448de6aab0efa51c679909a3",
"https://git.kernel.org/stable/c/95b3904a261a9f810205da560e802cc326f50d77",
"https://git.kernel.org/stable/c/989b0ff35fe5fc9652ee5bafbe8483db6f27b137",
"https://git.kernel.org/stable/c/cd1022eaf87be8e6151435bd4df4c242c347e083",
"https://lore.kernel.org/linux-cve-announce/2024022048-rind-huff-b1a2@gregkh/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2023-52435",
"https://ubuntu.com/security/notices/USN-6724-1",
"https://www.cve.org/CVERecord?id=CVE-2023-52435"
],
"PublishedDate": "2024-02-20T20:15:08.063Z",
"LastModifiedDate": "2024-03-15T14:06:17.587Z"
},
{
"VulnerabilityID": "CVE-2023-52446",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52446",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: bpf: Fix a race condition between btf_put() and map_free()",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a race condition between btf_put() and map_free()\n\nWhen running `./test_progs -j` in my local vm with latest kernel,\nI once hit a kasan error like below:\n\n [ 1887.184724] BUG: KASAN: slab-use-after-free in bpf_rb_root_free+0x1f8/0x2b0\n [ 1887.185599] Read of size 4 at addr ffff888106806910 by task kworker/u12:2/2830\n [ 1887.186498]\n [ 1887.186712] CPU: 3 PID: 2830 Comm: kworker/u12:2 Tainted: G OEL 6.7.0-rc3-00699-g90679706d486-dirty #494\n [ 1887.188034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n [ 1887.189618] Workqueue: events_unbound bpf_map_free_deferred\n [ 1887.190341] Call Trace:\n [ 1887.190666] \u003cTASK\u003e\n [ 1887.190949] dump_stack_lvl+0xac/0xe0\n [ 1887.191423] ? nf_tcp_handle_invalid+0x1b0/0x1b0\n [ 1887.192019] ? panic+0x3c0/0x3c0\n [ 1887.192449] print_report+0x14f/0x720\n [ 1887.192930] ? preempt_count_sub+0x1c/0xd0\n [ 1887.193459] ? __virt_addr_valid+0xac/0x120\n [ 1887.194004] ? bpf_rb_root_free+0x1f8/0x2b0\n [ 1887.194572] kasan_report+0xc3/0x100\n [ 1887.195085] ? bpf_rb_root_free+0x1f8/0x2b0\n [ 1887.195668] bpf_rb_root_free+0x1f8/0x2b0\n [ 1887.196183] ? __bpf_obj_drop_impl+0xb0/0xb0\n [ 1887.196736] ? preempt_count_sub+0x1c/0xd0\n [ 1887.197270] ? preempt_count_sub+0x1c/0xd0\n [ 1887.197802] ? _raw_spin_unlock+0x1f/0x40\n [ 1887.198319] bpf_obj_free_fields+0x1d4/0x260\n [ 1887.198883] array_map_free+0x1a3/0x260\n [ 1887.199380] bpf_map_free_deferred+0x7b/0xe0\n [ 1887.199943] process_scheduled_works+0x3a2/0x6c0\n [ 1887.200549] worker_thread+0x633/0x890\n [ 1887.201047] ? __kthread_parkme+0xd7/0xf0\n [ 1887.201574] ? kthread+0x102/0x1d0\n [ 1887.202020] kthread+0x1ab/0x1d0\n [ 1887.202447] ? pr_cont_work+0x270/0x270\n [ 1887.202954] ? kthread_blkcg+0x50/0x50\n [ 1887.203444] ret_from_fork+0x34/0x50\n [ 1887.203914] ? kthread_blkcg+0x50/0x50\n [ 1887.204397] ret_from_fork_asm+0x11/0x20\n [ 1887.204913] \u003c/TASK\u003e\n [ 1887.204913] \u003c/TASK\u003e\n [ 1887.205209]\n [ 1887.205416] Allocated by task 2197:\n [ 1887.205881] kasan_set_track+0x3f/0x60\n [ 1887.206366] __kasan_kmalloc+0x6e/0x80\n [ 1887.206856] __kmalloc+0xac/0x1a0\n [ 1887.207293] btf_parse_fields+0xa15/0x1480\n [ 1887.207836] btf_parse_struct_metas+0x566/0x670\n [ 1887.208387] btf_new_fd+0x294/0x4d0\n [ 1887.208851] __sys_bpf+0x4ba/0x600\n [ 1887.209292] __x64_sys_bpf+0x41/0x50\n [ 1887.209762] do_syscall_64+0x4c/0xf0\n [ 1887.210222] entry_SYSCALL_64_after_hwframe+0x63/0x6b\n [ 1887.210868]\n [ 1887.211074] Freed by task 36:\n [ 1887.211460] kasan_set_track+0x3f/0x60\n [ 1887.211951] kasan_save_free_info+0x28/0x40\n [ 1887.212485] ____kasan_slab_free+0x101/0x180\n [ 1887.213027] __kmem_cache_free+0xe4/0x210\n [ 1887.213514] btf_free+0x5b/0x130\n [ 1887.213918] rcu_core+0x638/0xcc0\n [ 1887.214347] __do_softirq+0x114/0x37e\n\nThe error happens at bpf_rb_root_free+0x1f8/0x2b0:\n\n 00000000000034c0 \u003cbpf_rb_root_free\u003e:\n ; {\n 34c0: f3 0f 1e fa endbr64\n 34c4: e8 00 00 00 00 callq 0x34c9 \u003cbpf_rb_root_free+0x9\u003e\n 34c9: 55 pushq %rbp\n 34ca: 48 89 e5 movq %rsp, %rbp\n ...\n ; if (rec \u0026\u0026 rec-\u003erefcount_off \u003e= 0 \u0026\u0026\n 36aa: 4d 85 ed testq %r13, %r13\n 36ad: 74 a9 je 0x3658 \u003cbpf_rb_root_free+0x198\u003e\n 36af: 49 8d 7d 10 leaq 0x10(%r13), %rdi\n 36b3: e8 00 00 00 00 callq 0x36b8 \u003cbpf_rb_root_free+0x1f8\u003e\n \u003c==== kasan function\n 36b8: 45 8b 7d 10 movl 0x10(%r13), %r15d\n \u003c==== use-after-free load\n 36bc: 45 85 ff testl %r15d, %r15d\n 36bf: 78 8c js 0x364d \u003cbpf_rb_root_free+0x18d\u003e\n\nSo the problem \n---truncated---",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-416"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"V3Score": 3.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-52446",
"https://git.kernel.org/stable/c/59e5791f59dd83e8aa72a4e74217eabb6e8cfd90",
"https://git.kernel.org/stable/c/d048dced8ea5eac6723ae873a40567e6f101ea42",
"https://git.kernel.org/stable/c/f9ff6ef1c73cd9e1a6bb1ab3e57c5d141a536306",
"https://lore.kernel.org/linux-cve-announce/2024022254-CVE-2023-52446-2812@gregkh/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2023-52446",
"https://www.cve.org/CVERecord?id=CVE-2023-52446"
],
"PublishedDate": "2024-02-22T17:15:08.527Z",
"LastModifiedDate": "2024-03-14T19:47:14.733Z"
},
{
"VulnerabilityID": "CVE-2023-52447",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52447",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: bpf: Defer the free of inner map when necessary",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Defer the free of inner map when necessary\n\nWhen updating or deleting an inner map in map array or map htab, the map\nmay still be accessed by non-sleepable program or sleepable program.\nHowever bpf_map_fd_put_ptr() decreases the ref-counter of the inner map\ndirectly through bpf_map_put(), if the ref-counter is the last one\n(which is true for most cases), the inner map will be freed by\nops-\u003emap_free() in a kworker. But for now, most .map_free() callbacks\ndon't use synchronize_rcu() or its variants to wait for the elapse of a\nRCU grace period, so after the invocation of ops-\u003emap_free completes,\nthe bpf program which is accessing the inner map may incur\nuse-after-free problem.\n\nFix the free of inner map by invoking bpf_map_free_deferred() after both\none RCU grace period and one tasks trace RCU grace period if the inner\nmap has been removed from the outer map before. The deferment is\naccomplished by using call_rcu() or call_rcu_tasks_trace() when\nreleasing the last ref-counter of bpf map. The newly-added rcu_head\nfield in bpf_map shares the same storage space with work field to\nreduce the size of bpf_map.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-416"
],
"VendorSeverity": {
"cbl-mariner": 3,
"nvd": 3,
"photon": 3,
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"V3Score": 3.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-52447",
"https://git.kernel.org/stable/c/37d98fb9c3144c0fddf7f6e99aece9927ac8dce6",
"https://git.kernel.org/stable/c/62fca83303d608ad4fec3f7428c8685680bb01b0",
"https://git.kernel.org/stable/c/876673364161da50eed6b472d746ef88242b2368",
"https://git.kernel.org/stable/c/90c445799fd1dc214d7c6279c144e33a35e29ef2",
"https://git.kernel.org/stable/c/bfd9b20c4862f41d4590fde11d70a5eeae53dcc5",
"https://git.kernel.org/stable/c/f91cd728b10c51f6d4a39957ccd56d1e802fc8ee",
"https://lore.kernel.org/linux-cve-announce/2024022255-CVE-2023-52447-e074@gregkh/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2023-52447",
"https://ubuntu.com/security/notices/USN-6688-1",
"https://www.cve.org/CVERecord?id=CVE-2023-52447"
],
"PublishedDate": "2024-02-22T17:15:08.58Z",
"LastModifiedDate": "2024-03-27T14:15:09.523Z"
},
{
"VulnerabilityID": "CVE-2023-52452",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52452",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: bpf: Fix accesses to uninit stack slots",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix accesses to uninit stack slots\n\nPrivileged programs are supposed to be able to read uninitialized stack\nmemory (ever since 6715df8d5) but, before this patch, these accesses\nwere permitted inconsistently. In particular, accesses were permitted\nabove state-\u003eallocated_stack, but not below it. In other words, if the\nstack was already \"large enough\", the access was permitted, but\notherwise the access was rejected instead of being allowed to \"grow the\nstack\". This undesired rejection was happening in two places:\n- in check_stack_slot_within_bounds()\n- in check_stack_range_initialized()\nThis patch arranges for these accesses to be permitted. A bunch of tests\nthat were relying on the old rejection had to change; all of them were\nchanged to add also run unprivileged, in which case the old behavior\npersists. One tests couldn't be updated - global_func16 - because it\ncan't run unprivileged for other reasons.\n\nThis patch also fixes the tracking of the stack size for variable-offset\nreads. This second fix is bundled in the same commit as the first one\nbecause they're inter-related. Before this patch, writes to the stack\nusing registers containing a variable offset (as opposed to registers\nwith fixed, known values) were not properly contributing to the\nfunction's needed stack size. As a result, it was possible for a program\nto verify, but then to attempt to read out-of-bounds data at runtime\nbecause a too small stack had been allocated for it.\n\nEach function tracks the size of the stack it needs in\nbpf_subprog_info.stack_depth, which is maintained by\nupdate_stack_depth(). For regular memory accesses, check_mem_access()\nwas calling update_state_depth() but it was passing in only the fixed\npart of the offset register, ignoring the variable offset. This was\nincorrect; the minimum possible value of that register should be used\ninstead.\n\nThis tracking is now fixed by centralizing the tracking of stack size in\ngrow_stack_state(), and by lifting the calls to grow_stack_state() to\ncheck_stack_access_within_bounds() as suggested by Andrii. The code is\nnow simpler and more convincingly tracks the correct maximum stack size.\ncheck_stack_range_initialized() can now rely on enough stack having been\nallocated for the access; this helps with the fix for the first issue.\n\nA few tests were changed to also check the stack depth computation. The\none that fails without this patch is verifier_var_off:stack_write_priv_vs_unpriv.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-665"
],
"VendorSeverity": {
"nvd": 3,
"photon": 3,
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 6.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-52452",
"https://git.kernel.org/stable/c/0954982db8283016bf38e9db2da5adf47a102e19",
"https://git.kernel.org/stable/c/6b4a64bafd107e521c01eec3453ce94a3fb38529",
"https://git.kernel.org/stable/c/fbcf372c8eda2290470268e0afb5ab5d5f5d5fde",
"https://lore.kernel.org/linux-cve-announce/2024022258-CVE-2023-52452-7904@gregkh/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2023-52452",
"https://www.cve.org/CVERecord?id=CVE-2023-52452"
],
"PublishedDate": "2024-02-22T17:15:08.83Z",
"LastModifiedDate": "2024-03-18T18:24:33.55Z"
},
{
"VulnerabilityID": "CVE-2023-6610",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6610",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: OOB Access in smb2_dump_detail",
"Description": "An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-125"
],
"VendorSeverity": {
"alma": 3,
"nvd": 3,
"oracle-oval": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"V3Score": 7.1
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"V3Score": 7.1
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2024:0723",
"https://access.redhat.com/errata/RHSA-2024:0724",
"https://access.redhat.com/errata/RHSA-2024:0725",
"https://access.redhat.com/errata/RHSA-2024:0881",
"https://access.redhat.com/errata/RHSA-2024:0897",
"https://access.redhat.com/errata/RHSA-2024:1248",
"https://access.redhat.com/security/cve/CVE-2023-6610",
"https://bugzilla.kernel.org/show_bug.cgi?id=218219",
"https://bugzilla.redhat.com/2087568",
"https://bugzilla.redhat.com/2144379",
"https://bugzilla.redhat.com/2161310",
"https://bugzilla.redhat.com/2173403",
"https://bugzilla.redhat.com/2187813",
"https://bugzilla.redhat.com/2187931",
"https://bugzilla.redhat.com/2231800",
"https://bugzilla.redhat.com/2237757",
"https://bugzilla.redhat.com/2244723",
"https://bugzilla.redhat.com/2245514",
"https://bugzilla.redhat.com/2246944",
"https://bugzilla.redhat.com/2246945",
"https://bugzilla.redhat.com/2253611",
"https://bugzilla.redhat.com/2253614",
"https://bugzilla.redhat.com/2253908",
"https://bugzilla.redhat.com/2254052",
"https://bugzilla.redhat.com/2254053",
"https://bugzilla.redhat.com/2254054",
"https://bugzilla.redhat.com/2255139",
"https://bugzilla.redhat.com/show_bug.cgi?id=2253614",
"https://errata.almalinux.org/8/ALSA-2024-0897.html",
"https://linux.oracle.com/cve/CVE-2023-6610.html",
"https://linux.oracle.com/errata/ELSA-2024-1248.html",
"https://nvd.nist.gov/vuln/detail/CVE-2023-6610",
"https://ubuntu.com/security/notices/USN-6688-1",
"https://ubuntu.com/security/notices/USN-6724-1",
"https://www.cve.org/CVERecord?id=CVE-2023-6610"
],
"PublishedDate": "2023-12-08T17:15:07.933Z",
"LastModifiedDate": "2024-03-12T04:15:08.08Z"
},
{
"VulnerabilityID": "CVE-2023-7042",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-7042",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()",
"Description": "A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-476"
],
"VendorSeverity": {
"nvd": 2,
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-7042",
"https://bugzilla.redhat.com/show_bug.cgi?id=2255497",
"https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git/commit/?h=ath-next\u0026id=ad25ee36f00172f7d53242dc77c69fff7ced0755",
"https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git/log/?h=ath-next",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54PLF5J33IRSLSR4UU6LQSMXX6FI5AOQ/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C25BK2YH5MZ6VNQXKF2NAJBTGXVEPKGC/",
"https://lore.kernel.org/all/20231208043433.271449-1-hdthky0@gmail.com/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-7042",
"https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/",
"https://www.cve.org/CVERecord?id=CVE-2023-7042"
],
"PublishedDate": "2023-12-21T20:15:09.267Z",
"LastModifiedDate": "2024-01-22T05:15:08.547Z"
},
{
"VulnerabilityID": "CVE-2024-0841",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0841",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: hugetlbfs: Null pointer dereference in hugetlbfs_fill_super function",
"Description": "A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-476"
],
"VendorSeverity": {
"nvd": 3,
"photon": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"V3Score": 6.6
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-0841",
"https://bugzilla.redhat.com/show_bug.cgi?id=2256490",
"https://lore.kernel.org/all/20240130210418.3771-1-osalvador@suse.de/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2024-0841",
"https://www.cve.org/CVERecord?id=CVE-2024-0841"
],
"PublishedDate": "2024-01-28T12:15:52.737Z",
"LastModifiedDate": "2024-02-02T15:38:25.947Z"
},
{
"VulnerabilityID": "CVE-2024-1151",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-1151",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: stack overflow problem in Open vSwitch kernel module leading to DoS",
"Description": "A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-121"
],
"VendorSeverity": {
"amazon": 3,
"photon": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-1151",
"https://bugzilla.redhat.com/show_bug.cgi?id=2262241",
"https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=bd128f62c365 (selftests)",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/",
"https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/",
"https://nvd.nist.gov/vuln/detail/CVE-2024-1151",
"https://www.cve.org/CVERecord?id=CVE-2024-1151"
],
"PublishedDate": "2024-02-11T15:15:07.89Z",
"LastModifiedDate": "2024-02-22T04:15:08.477Z"
},
{
"VulnerabilityID": "CVE-2024-23307",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-23307",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: Integer Overflow in raid5_cache_count",
"Description": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-190"
],
"VendorSeverity": {
"nvd": 3,
"photon": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-23307",
"https://bugzilla.openanolis.cn/show_bug.cgi?id=7975",
"https://lore.kernel.org/linux-raid/20240112071017.16313-1-2045gemini@gmail.com/#r",
"https://lore.kernel.org/linux-raid/20240112071017.16313-1-2045gemini@gmail.com/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2024-23307",
"https://patchwork.kernel.org/project/linux-raid/patch/20240112071017.16313-1-2045gemini@gmail.com/",
"https://www.cve.org/CVERecord?id=CVE-2024-23307"
],
"PublishedDate": "2024-01-25T07:15:09.94Z",
"LastModifiedDate": "2024-01-31T20:38:12.743Z"
},
{
"VulnerabilityID": "CVE-2024-25744",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-25744",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: untrusted VMM can trigger int80 syscall handling",
"Description": "In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"V3Score": 7.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-25744",
"https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.7",
"https://git.kernel.org/linus/b82a8dbd3d2f4563156f7150c6f2ecab6e960b30 (6.7-rc5)",
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b82a8dbd3d2f4563156f7150c6f2ecab6e960b30",
"https://nvd.nist.gov/vuln/detail/CVE-2024-25744",
"https://ubuntu.com/security/notices/USN-6680-1",
"https://ubuntu.com/security/notices/USN-6680-2",
"https://ubuntu.com/security/notices/USN-6680-3",
"https://www.cve.org/CVERecord?id=CVE-2024-25744"
],
"PublishedDate": "2024-02-12T05:15:07.71Z",
"LastModifiedDate": "2024-02-12T14:20:03.287Z"
},
{
"VulnerabilityID": "CVE-2024-26581",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26581",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: nftables: nft_set_rbtree skip end interval element from gc",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: skip end interval element from gc\n\nrbtree lazy gc on insert might collect an end interval element that has\nbeen just added in this transactions, skip end interval elements that\nare not yet active.",
"Severity": "MEDIUM",
"VendorSeverity": {
"amazon": 3,
"cbl-mariner": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26581",
"https://git.kernel.org/linus/60c0c230c6f046da536d3df8b39a20b9a9fd6af0 (6.8-rc4)",
"https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8",
"https://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb",
"https://git.kernel.org/stable/c/2bab493a5624444ec6e648ad0d55a362bcb4c003",
"https://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7cc4f234bb22f85a",
"https://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0",
"https://git.kernel.org/stable/c/6eb14441f10602fa1cf691da9d685718b68b78a9",
"https://git.kernel.org/stable/c/b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7",
"https://lore.kernel.org/linux-cve-announce/2024022024-uniquely-recluse-d893@gregkh/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26581",
"https://ubuntu.com/security/notices/USN-6688-1",
"https://www.cve.org/CVERecord?id=CVE-2024-26581"
],
"PublishedDate": "2024-02-20T13:15:09.02Z",
"LastModifiedDate": "2024-02-23T09:15:22.563Z"
},
{
"VulnerabilityID": "CVE-2024-26582",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26582",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: tls: use-after-free with partial reads and async decrypt",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: fix use-after-free with partial reads and async decrypt\n\ntls_decrypt_sg doesn't take a reference on the pages from clear_skb,\nso the put_page() in tls_decrypt_done releases them, and we trigger\na use-after-free in process_rx_list when we try to read from the\npartially-read skb.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-416"
],
"VendorSeverity": {
"amazon": 3,
"nvd": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"V3Score": 5.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26582",
"https://git.kernel.org/linus/32b55c5ff9103b8508c1e04bfa5a08c64e7a925f (6.8-rc5)",
"https://git.kernel.org/stable/c/20b4ed034872b4d024b26e2bc1092c3f80e5db96",
"https://git.kernel.org/stable/c/32b55c5ff9103b8508c1e04bfa5a08c64e7a925f",
"https://git.kernel.org/stable/c/754c9bab77a1b895b97bd99d754403c505bc79df",
"https://git.kernel.org/stable/c/d684763534b969cca1022e2a28645c7cc91f7fa5",
"https://lore.kernel.org/linux-cve-announce/2024022139-spruce-prelude-c358@gregkh/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26582",
"https://www.cve.org/CVERecord?id=CVE-2024-26582"
],
"PublishedDate": "2024-02-21T15:15:09.327Z",
"LastModifiedDate": "2024-03-15T13:56:41.843Z"
},
{
"VulnerabilityID": "CVE-2024-26592",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26592",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "In the Linux kernel, the following vulnerability has been resolved: k ...",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix UAF issue in ksmbd_tcp_new_connection()\n\nThe race is between the handling of a new TCP connection and\nits disconnection. It leads to UAF on `struct tcp_transport` in\nksmbd_tcp_new_connection() function.",
"Severity": "MEDIUM",
"VendorSeverity": {
"ubuntu": 2
},
"References": [
"https://git.kernel.org/stable/c/24290ba94cd0136e417283b0dbf8fcdabcf62111",
"https://git.kernel.org/stable/c/380965e48e9c32ee4263c023e1d830ea7e462ed1",
"https://git.kernel.org/stable/c/38d20c62903d669693a1869aa68c4dd5674e2544",
"https://git.kernel.org/stable/c/69d54650b751532d1e1613a4fb433e591aeef126",
"https://git.kernel.org/stable/c/999daf367b924fdf14e9d83e034ee0f86bc17ec6",
"https://ubuntu.com/security/notices/USN-6688-1",
"https://www.cve.org/CVERecord?id=CVE-2024-26592"
],
"PublishedDate": "2024-02-22T17:15:09.217Z",
"LastModifiedDate": "2024-02-23T09:15:22.877Z"
},
{
"VulnerabilityID": "CVE-2024-26594",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26594",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "In the Linux kernel, the following vulnerability has been resolved: k ...",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate mech token in session setup\n\nIf client send invalid mech token in session setup request, ksmbd\nvalidate and make the error if it is invalid.",
"Severity": "MEDIUM",
"VendorSeverity": {
"cbl-mariner": 4,
"ubuntu": 2
},
"References": [
"https://git.kernel.org/stable/c/5e6dfec95833edc54c48605a98365a7325e5541e",
"https://git.kernel.org/stable/c/6eb8015492bcc84e40646390e50a862b2c0529c9",
"https://git.kernel.org/stable/c/92e470163d96df8db6c4fa0f484e4a229edb903d",
"https://git.kernel.org/stable/c/a2b21ef1ea4cf632d19b3a7cc4d4245b8e63202a",
"https://git.kernel.org/stable/c/dd1de9268745f0eac83a430db7afc32cbd62e84b",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26594",
"https://ubuntu.com/security/notices/USN-6688-1",
"https://www.cve.org/CVERecord?id=CVE-2024-26594"
],
"PublishedDate": "2024-02-23T14:15:45.15Z",
"LastModifiedDate": "2024-02-23T16:14:43.447Z"
},
{
"VulnerabilityID": "CVE-2024-26600",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26600",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP\n\nIf the external phy working together with phy-omap-usb2 does not implement\nsend_srp(), we may still attempt to call it. This can happen on an idle\nEthernet gadget triggering a wakeup for example:\n\nconfigfs-gadget.g1 gadget.0: ECM Suspend\nconfigfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup\n...\nUnable to handle kernel NULL pointer dereference at virtual address\n00000000 when execute\n...\nPC is at 0x0\nLR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]\n...\nmusb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]\nusb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]\neth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c\ndev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4\nsch_direct_xmit from __dev_queue_xmit+0x334/0xd88\n__dev_queue_xmit from arp_solicit+0xf0/0x268\narp_solicit from neigh_probe+0x54/0x7c\nneigh_probe from __neigh_event_send+0x22c/0x47c\n__neigh_event_send from neigh_resolve_output+0x14c/0x1c0\nneigh_resolve_output from ip_finish_output2+0x1c8/0x628\nip_finish_output2 from ip_send_skb+0x40/0xd8\nip_send_skb from udp_send_skb+0x124/0x340\nudp_send_skb from udp_sendmsg+0x780/0x984\nudp_sendmsg from __sys_sendto+0xd8/0x158\n__sys_sendto from ret_fast_syscall+0x0/0x58\n\nLet's fix the issue by checking for send_srp() and set_vbus() before\ncalling them. For USB peripheral only cases these both could be NULL.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26600",
"https://git.kernel.org/linus/7104ba0f1958adb250319e68a15eff89ec4fd36d (6.8-rc3)",
"https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4",
"https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4",
"https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1",
"https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b",
"https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d",
"https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5",
"https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462",
"https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3",
"https://lore.kernel.org/linux-cve-announce/2024022405-CVE-2024-26600-44a2@gregkh/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26600",
"https://ubuntu.com/security/notices/USN-6688-1",
"https://www.cve.org/CVERecord?id=CVE-2024-26600"
],
"PublishedDate": "2024-02-26T16:27:59.927Z",
"LastModifiedDate": "2024-02-26T16:32:25.577Z"
},
{
"VulnerabilityID": "CVE-2024-26601",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26601",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: ext4: regenerate buddy after block freeing failed if under fc replay",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: regenerate buddy after block freeing failed if under fc replay\n\nThis mostly reverts commit 6bd97bf273bd (\"ext4: remove redundant\nmb_regenerate_buddy()\") and reintroduces mb_regenerate_buddy(). Based on\ncode in mb_free_blocks(), fast commit replay can end up marking as free\nblocks that are already marked as such. This causes corruption of the\nbuddy bitmap so we need to regenerate it in that case.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26601",
"https://git.kernel.org/linus/c9b528c35795b711331ed36dc3dbee90d5812d4e (6.8-rc3)",
"https://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581",
"https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4",
"https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a",
"https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326",
"https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e",
"https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cb",
"https://lore.kernel.org/linux-cve-announce/2024022411-CVE-2024-26601-b6ac@gregkh/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26601",
"https://ubuntu.com/security/notices/USN-6688-1",
"https://www.cve.org/CVERecord?id=CVE-2024-26601"
],
"PublishedDate": "2024-02-26T16:27:59.987Z",
"LastModifiedDate": "2024-03-01T14:15:54.05Z"
},
{
"VulnerabilityID": "CVE-2024-26603",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26603",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Stop relying on userspace for info to fault in xsave buffer\n\nBefore this change, the expected size of the user space buffer was\ntaken from fx_sw-\u003exstate_size. fx_sw-\u003exstate_size can be changed\nfrom user-space, so it is possible construct a sigreturn frame where:\n\n * fx_sw-\u003exstate_size is smaller than the size required by valid bits in\n fx_sw-\u003exfeatures.\n * user-space unmaps parts of the sigrame fpu buffer so that not all of\n the buffer required by xrstor is accessible.\n\nIn this case, xrstor tries to restore and accesses the unmapped area\nwhich results in a fault. But fault_in_readable succeeds because buf +\nfx_sw-\u003exstate_size is within the still mapped area, so it goes back and\ntries xrstor again. It will spin in this loop forever.\n\nInstead, fault in the maximum size which can be touched by XRSTOR (taken\nfrom fpstate-\u003euser_size).\n\n[ dhansen: tweak subject / changelog ]",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 2.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26603",
"https://git.kernel.org/linus/d877550eaf2dc9090d782864c96939397a3c6835 (6.8-rc4)",
"https://git.kernel.org/stable/c/627339cccdc9166792ecf96bc3c9f711a60ce996",
"https://git.kernel.org/stable/c/627e28cbb65564e55008315d9e02fbb90478beda",
"https://git.kernel.org/stable/c/8bd3eee7720c14b59a206bd05b98d7586bccf99a",
"https://git.kernel.org/stable/c/b2479ab426cef7ab79a13005650eff956223ced2",
"https://git.kernel.org/stable/c/d877550eaf2dc9090d782864c96939397a3c6835",
"https://lore.kernel.org/linux-cve-announce/2024022415-CVE-2024-26603-42c2@gregkh/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26603",
"https://www.cve.org/CVERecord?id=CVE-2024-26603"
],
"PublishedDate": "2024-02-26T16:28:00.097Z",
"LastModifiedDate": "2024-03-01T14:15:54.097Z"
},
{
"VulnerabilityID": "CVE-2024-26605",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26605",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: PCI/ASPM: Fix deadlock when enabling ASPM",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix deadlock when enabling ASPM\n\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n\n ============================================\n WARNING: possible recursive locking detected\n 6.7.0 #40 Not tainted\n --------------------------------------------\n kworker/u16:5/90 is trying to acquire lock:\n ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\n\n but task is already holding lock:\n ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(pci_bus_sem);\n lock(pci_bus_sem);\n\n *** DEADLOCK ***\n\n Call trace:\n print_deadlock_bug+0x25c/0x348\n __lock_acquire+0x10a4/0x2064\n lock_acquire+0x1e8/0x318\n down_read+0x60/0x184\n pcie_aspm_pm_state_change+0x58/0xdc\n pci_set_full_power_state+0xa8/0x114\n pci_set_power_state+0xc4/0x120\n qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\n pci_walk_bus+0x64/0xbc\n qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\n\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\n\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26605",
"https://git.kernel.org/linus/1e560864159d002b453da42bd2c13a1805515a20 (6.8-rc3)",
"https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20",
"https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70",
"https://lore.kernel.org/linux-cve-announce/2024022419-CVE-2024-26605-7b06@gregkh/T/#u",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26605",
"https://www.cve.org/CVERecord?id=CVE-2024-26605"
],
"PublishedDate": "2024-02-26T16:28:00.207Z",
"LastModifiedDate": "2024-02-26T16:32:25.577Z"
},
{
"VulnerabilityID": "CVE-2024-26622",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26622",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: tomoyo: fix UAF write bug in tomoyo_write_control()",
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: fix UAF write bug in tomoyo_write_control()\n\nSince tomoyo_write_control() updates head-\u003ewrite_buf when write()\nof long lines is requested, we need to fetch head-\u003ewrite_buf after\nhead-\u003eio_sem is held. Otherwise, concurrent write() requests can\ncause use-after-free-write and double-free problems.",
"Severity": "MEDIUM",
"VendorSeverity": {
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-26622",
"https://git.kernel.org/linus/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815 (6.8-rc7)",
"https://git.kernel.org/stable/c/2caa605079488da9601099fbda460cfc1702839f",
"https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815",
"https://git.kernel.org/stable/c/3bfe04c1273d30b866f4c7c238331ed3b08e5824",
"https://git.kernel.org/stable/c/6edefe1b6c29a9932f558a898968a9fcbeec5711",
"https://git.kernel.org/stable/c/7d930a4da17958f869ef679ee0e4a8729337affc",
"https://git.kernel.org/stable/c/a23ac1788e2c828c097119e9a3178f0b7e503fee",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/",
"https://lore.kernel.org/linux-cve-announce/2024030409-CVE-2024-26622-9e01@gregkh/",
"https://nvd.nist.gov/vuln/detail/CVE-2024-26622",
"https://www.cve.org/CVERecord?id=CVE-2024-26622"
],
"PublishedDate": "2024-03-04T07:15:11.063Z",
"LastModifiedDate": "2024-03-13T03:15:06.49Z"
},
{
"VulnerabilityID": "CVE-2017-0537",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0537",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Description": "An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.",
"Severity": "LOW",
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"nvd": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"V2Score": 2.6,
"V3Score": 4.7
}
},
"References": [
"http://www.securityfocus.com/bid/96831",
"http://www.securitytracker.com/id/1037968",
"https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0",
"https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t",
"https://source.android.com/security/bulletin/2017-01-01.html",
"https://source.android.com/security/bulletin/2017-03-01",
"https://source.android.com/security/bulletin/2017-03-01.html",
"https://www.cve.org/CVERecord?id=CVE-2017-0537"
],
"PublishedDate": "2017-03-08T01:59:03.127Z",
"LastModifiedDate": "2017-07-17T13:18:15.89Z"
},
{
"VulnerabilityID": "CVE-2017-13165",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13165",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Description": "An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.",
"Severity": "LOW",
"VendorSeverity": {
"nvd": 3,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V2Score": 4.6,
"V3Score": 7.8
}
},
"References": [
"https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a",
"https://source.android.com/security/bulletin/pixel/2017-12-01",
"https://www.cve.org/CVERecord?id=CVE-2017-13165"
],
"PublishedDate": "2017-12-06T14:29:01.333Z",
"LastModifiedDate": "2019-10-03T00:03:26.223Z"
},
{
"VulnerabilityID": "CVE-2017-13693",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13693",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: ACPI operand cache leak in dsutils.c",
"Description": "The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",
"Severity": "LOW",
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"nvd": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"V2Score": 4.9,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"V3Score": 3.3
}
},
"References": [
"http://www.securityfocus.com/bid/100502",
"https://access.redhat.com/security/cve/CVE-2017-13693",
"https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732",
"https://nvd.nist.gov/vuln/detail/CVE-2017-13693",
"https://patchwork.kernel.org/patch/9919053/",
"https://www.cve.org/CVERecord?id=CVE-2017-13693"
],
"PublishedDate": "2017-08-25T08:29:00.273Z",
"LastModifiedDate": "2017-09-20T14:51:00.41Z"
},
{
"VulnerabilityID": "CVE-2018-1121",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "procps-ng, procps: process hiding through race condition enumerating /proc",
"Description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.",
"Severity": "LOW",
"CweIDs": [
"CWE-362",
"CWE-367"
],
"VendorSeverity": {
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"V2Score": 4.3,
"V3Score": 5.9
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"V3Score": 3.9
}
},
"References": [
"http://seclists.org/oss-sec/2018/q2/122",
"http://www.securityfocus.com/bid/104214",
"https://access.redhat.com/security/cve/CVE-2018-1121",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121",
"https://nvd.nist.gov/vuln/detail/CVE-2018-1121",
"https://www.cve.org/CVERecord?id=CVE-2018-1121",
"https://www.exploit-db.com/exploits/44806/",
"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
],
"PublishedDate": "2018-06-13T20:29:00.337Z",
"LastModifiedDate": "2020-06-30T16:15:14.393Z"
},
{
"VulnerabilityID": "CVE-2018-12928",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12928",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko",
"Description": "In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.",
"Severity": "LOW",
"CweIDs": [
"CWE-476"
],
"VendorSeverity": {
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 4.9,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5
}
},
"References": [
"http://www.securityfocus.com/bid/104593",
"https://access.redhat.com/security/cve/CVE-2018-12928",
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384",
"https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ",
"https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/",
"https://marc.info/?l=linux-fsdevel\u0026m=152407263325766\u0026w=2",
"https://nvd.nist.gov/vuln/detail/CVE-2018-12928",
"https://www.cve.org/CVERecord?id=CVE-2018-12928"
],
"PublishedDate": "2018-06-28T14:29:00.353Z",
"LastModifiedDate": "2018-08-21T11:55:37.35Z"
},
{
"VulnerabilityID": "CVE-2018-12929",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12929",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko",
"Description": "ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.",
"Severity": "LOW",
"CweIDs": [
"CWE-416"
],
"VendorSeverity": {
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 4.9,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.6
}
},
"References": [
"http://www.securityfocus.com/bid/104588",
"https://access.redhat.com/errata/RHSA-2019:0641",
"https://access.redhat.com/security/cve/CVE-2018-12929",
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403",
"https://marc.info/?l=linux-ntfs-dev\u0026m=152413769810234\u0026w=2",
"https://nvd.nist.gov/vuln/detail/CVE-2018-12929",
"https://www.cve.org/CVERecord?id=CVE-2018-12929"
],
"PublishedDate": "2018-06-28T14:29:00.417Z",
"LastModifiedDate": "2019-03-26T13:35:51.317Z"
},
{
"VulnerabilityID": "CVE-2018-12930",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12930",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko",
"Description": "ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V2Score": 7.2,
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.6
}
},
"References": [
"http://www.securityfocus.com/bid/104588",
"https://access.redhat.com/errata/RHSA-2019:0641",
"https://access.redhat.com/security/cve/CVE-2018-12930",
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403",
"https://marc.info/?l=linux-ntfs-dev\u0026m=152413769810234\u0026w=2",
"https://nvd.nist.gov/vuln/detail/CVE-2018-12930",
"https://www.cve.org/CVERecord?id=CVE-2018-12930"
],
"PublishedDate": "2018-06-28T14:29:00.463Z",
"LastModifiedDate": "2019-03-26T13:35:37.397Z"
},
{
"VulnerabilityID": "CVE-2018-12931",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12931",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko",
"Description": "ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V2Score": 7.2,
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.6
}
},
"References": [
"http://www.securityfocus.com/bid/104588",
"https://access.redhat.com/errata/RHSA-2019:0641",
"https://access.redhat.com/security/cve/CVE-2018-12931",
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403",
"https://marc.info/?l=linux-ntfs-dev\u0026m=152413769810234\u0026w=2",
"https://nvd.nist.gov/vuln/detail/CVE-2018-12931",
"https://www.cve.org/CVERecord?id=CVE-2018-12931"
],
"PublishedDate": "2018-06-28T14:29:00.51Z",
"LastModifiedDate": "2019-03-26T13:35:20.957Z"
},
{
"VulnerabilityID": "CVE-2019-14899",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14899",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel",
"Description": "A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.",
"Severity": "LOW",
"CweIDs": [
"CWE-300"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 3,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"V2Score": 4.9,
"V3Score": 7.4
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 7.4
}
},
"References": [
"http://seclists.org/fulldisclosure/2020/Dec/32",
"http://seclists.org/fulldisclosure/2020/Jul/23",
"http://seclists.org/fulldisclosure/2020/Jul/24",
"http://seclists.org/fulldisclosure/2020/Jul/25",
"http://seclists.org/fulldisclosure/2020/Nov/20",
"http://www.openwall.com/lists/oss-security/2020/08/13/2",
"http://www.openwall.com/lists/oss-security/2020/10/07/3",
"http://www.openwall.com/lists/oss-security/2021/07/05/1",
"https://access.redhat.com/security/cve/CVE-2019-14899",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899",
"https://nvd.nist.gov/vuln/detail/CVE-2019-14899",
"https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/",
"https://support.apple.com/kb/HT211288",
"https://support.apple.com/kb/HT211289",
"https://support.apple.com/kb/HT211290",
"https://support.apple.com/kb/HT211850",
"https://support.apple.com/kb/HT211931",
"https://www.cve.org/CVERecord?id=CVE-2019-14899",
"https://www.openwall.com/lists/oss-security/2019/12/05/1"
],
"PublishedDate": "2019-12-11T15:15:14.263Z",
"LastModifiedDate": "2023-03-01T16:40:04.14Z"
},
{
"VulnerabilityID": "CVE-2019-15213",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15213",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c",
"Description": "An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.",
"Severity": "LOW",
"CweIDs": [
"CWE-416"
],
"VendorSeverity": {
"nvd": 2,
"oracle-oval": 3,
"photon": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 4.9,
"V3Score": 4.6
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 4.3
}
},
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html",
"http://www.openwall.com/lists/oss-security/2019/08/20/2",
"https://access.redhat.com/security/cve/CVE-2019-15213",
"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3",
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7",
"https://linux.oracle.com/cve/CVE-2019-15213.html",
"https://linux.oracle.com/errata/ELSA-2019-4872.html",
"https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/",
"https://nvd.nist.gov/vuln/detail/CVE-2019-15213",
"https://security.netapp.com/advisory/ntap-20190905-0002/",
"https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced",
"https://www.cve.org/CVERecord?id=CVE-2019-15213"
],
"PublishedDate": "2019-08-19T22:15:11.253Z",
"LastModifiedDate": "2023-11-09T14:44:33.733Z"
},
{
"VulnerabilityID": "CVE-2019-19378",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19378",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c",
"Description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V2Score": 6.8,
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 7.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2019-19378",
"https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378",
"https://nvd.nist.gov/vuln/detail/CVE-2019-19378",
"https://security.netapp.com/advisory/ntap-20200103-0001/",
"https://www.cve.org/CVERecord?id=CVE-2019-19378"
],
"PublishedDate": "2019-11-29T17:15:11.84Z",
"LastModifiedDate": "2020-01-03T11:15:14.997Z"
},
{
"VulnerabilityID": "CVE-2019-19814",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19814",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c",
"Description": "In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.",
"Severity": "LOW",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 3,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V2Score": 9.3,
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"V3Score": 7.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2019-19814",
"https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814",
"https://nvd.nist.gov/vuln/detail/CVE-2019-19814",
"https://security.netapp.com/advisory/ntap-20200103-0001/",
"https://www.cve.org/CVERecord?id=CVE-2019-19814"
],
"PublishedDate": "2019-12-17T06:15:12.843Z",
"LastModifiedDate": "2020-01-03T11:15:16.48Z"
},
{
"VulnerabilityID": "CVE-2020-14304",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14304",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "ethtool when reading eeprom of device could lead to memory leak",
"Description": "A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.",
"Severity": "LOW",
"CweIDs": [
"CWE-460",
"CWE-755"
],
"VendorSeverity": {
"nvd": 2,
"oracle-oval": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"V2Score": 2.1,
"V3Score": 4.4
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 4.4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2020-14304",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304",
"https://linux.oracle.com/cve/CVE-2020-14304.html",
"https://linux.oracle.com/errata/ELSA-2021-9410.html",
"https://lore.kernel.org/netdev/20200517172053.GA734488@decadent.org.uk/T/",
"https://nvd.nist.gov/vuln/detail/CVE-2020-14304",
"https://www.cve.org/CVERecord?id=CVE-2020-14304"
],
"PublishedDate": "2020-09-15T20:15:13.103Z",
"LastModifiedDate": "2023-02-12T22:15:16.107Z"
},
{
"VulnerabilityID": "CVE-2020-35501",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-35501",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability",
"Description": "A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem",
"Severity": "LOW",
"CweIDs": [
"CWE-863"
],
"VendorSeverity": {
"cbl-mariner": 1,
"nvd": 1,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"V2Score": 3.6,
"V3Score": 3.4
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 3.4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2020-35501",
"https://bugzilla.redhat.com/show_bug.cgi?id=1908577",
"https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-35501",
"https://www.cve.org/CVERecord?id=CVE-2020-35501",
"https://www.openwall.com/lists/oss-security/2021/02/18/1"
],
"PublishedDate": "2022-03-30T16:15:08.673Z",
"LastModifiedDate": "2022-12-02T19:54:37.647Z"
},
{
"VulnerabilityID": "CVE-2021-26934",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-26934",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...",
"Description": "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.",
"Severity": "LOW",
"VendorSeverity": {
"cbl-mariner": 3,
"nvd": 3,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V2Score": 4.6,
"V3Score": 7.8
}
},
"References": [
"http://xenbits.xen.org/xsa/advisory-363.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-26934",
"https://security.netapp.com/advisory/ntap-20210326-0001/",
"https://www.cve.org/CVERecord?id=CVE-2021-26934",
"https://www.openwall.com/lists/oss-security/2021/02/16/2",
"https://xenbits.xen.org/xsa/advisory-363.html"
],
"PublishedDate": "2021-02-17T02:15:13.143Z",
"LastModifiedDate": "2023-11-07T03:31:50.59Z"
},
{
"VulnerabilityID": "CVE-2022-3114",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3114",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "NULL pointer dereference in imx_register_uart_clocks()",
"Description": "An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.",
"Severity": "LOW",
"CweIDs": [
"CWE-476"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-3114",
"https://bugzilla.redhat.com/show_bug.cgi?id=2153054",
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2\u0026id=ed713e2bc093239ccd380c2ce8ae9e4162f5c037",
"https://nvd.nist.gov/vuln/detail/CVE-2022-3114",
"https://www.cve.org/CVERecord?id=CVE-2022-3114"
],
"PublishedDate": "2022-12-14T21:15:12.783Z",
"LastModifiedDate": "2022-12-16T21:23:11.37Z"
},
{
"VulnerabilityID": "CVE-2022-41848",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41848",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Race condition between mgslpc_ioctl and mgslpc_detach",
"Description": "drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.",
"Severity": "LOW",
"CweIDs": [
"CWE-362",
"CWE-416"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.2
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-41848",
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/char/pcmcia/synclink_cs.c",
"https://lore.kernel.org/lkml/20220919040251.GA302541%40ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270",
"https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270",
"https://nvd.nist.gov/vuln/detail/CVE-2022-41848",
"https://www.cve.org/CVERecord?id=CVE-2022-41848"
],
"PublishedDate": "2022-09-30T06:15:11.58Z",
"LastModifiedDate": "2023-11-07T03:53:02.36Z"
},
{
"VulnerabilityID": "CVE-2022-44032",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44032",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Race between cmm_open() and cm4000_detach() result in UAF",
"Description": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().",
"Severity": "LOW",
"CweIDs": [
"CWE-362"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 6.4
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 6.4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-44032",
"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15",
"https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/",
"https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/",
"https://lore.kernel.org/lkml/20220919040701.GA302806%40ubuntu/",
"https://lore.kernel.org/lkml/20220919040701.GA302806@ubuntu/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-44032",
"https://www.cve.org/CVERecord?id=CVE-2022-44032"
],
"PublishedDate": "2022-10-30T01:15:08.823Z",
"LastModifiedDate": "2024-03-25T01:15:52.653Z"
},
{
"VulnerabilityID": "CVE-2022-44033",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44033",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "A race condition between cm4040_open() and reader_detach() may result in UAF",
"Description": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().",
"Severity": "LOW",
"CweIDs": [
"CWE-362"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 6.4
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 6.4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-44033",
"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15",
"https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/",
"https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/",
"https://lore.kernel.org/lkml/20220919040457.GA302681%40ubuntu/",
"https://lore.kernel.org/lkml/20220919040457.GA302681@ubuntu/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-44033",
"https://www.cve.org/CVERecord?id=CVE-2022-44033"
],
"PublishedDate": "2022-10-30T01:15:08.88Z",
"LastModifiedDate": "2024-03-25T01:15:52.727Z"
},
{
"VulnerabilityID": "CVE-2022-44034",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44034",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "A use-after-free due to race between scr24x_open() and scr24x_remove()",
"Description": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().",
"Severity": "LOW",
"CweIDs": [
"CWE-362"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 6.4
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 6.4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-44034",
"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15",
"https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/",
"https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/",
"https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/",
"https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-44034",
"https://www.cve.org/CVERecord?id=CVE-2022-44034"
],
"PublishedDate": "2022-10-30T01:15:08.937Z",
"LastModifiedDate": "2024-03-25T01:15:52.787Z"
},
{
"VulnerabilityID": "CVE-2022-45884",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45884",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: use-after-free due to race condition occurring in dvb_register_device()",
"Description": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.",
"Severity": "LOW",
"CweIDs": [
"CWE-362",
"CWE-416"
],
"VendorSeverity": {
"alma": 3,
"cbl-mariner": 3,
"nvd": 3,
"oracle-oval": 3,
"redhat": 2,
"rocky": 3,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 6.4
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2023:7549",
"https://access.redhat.com/security/cve/CVE-2022-45884",
"https://bugzilla.redhat.com/2148510",
"https://bugzilla.redhat.com/2148517",
"https://bugzilla.redhat.com/2151956",
"https://bugzilla.redhat.com/2154178",
"https://bugzilla.redhat.com/2224048",
"https://bugzilla.redhat.com/2240249",
"https://bugzilla.redhat.com/2241924",
"https://bugzilla.redhat.com/show_bug.cgi?id=2148510",
"https://bugzilla.redhat.com/show_bug.cgi?id=2148517",
"https://bugzilla.redhat.com/show_bug.cgi?id=2151956",
"https://bugzilla.redhat.com/show_bug.cgi?id=2154178",
"https://bugzilla.redhat.com/show_bug.cgi?id=2224048",
"https://bugzilla.redhat.com/show_bug.cgi?id=2240249",
"https://bugzilla.redhat.com/show_bug.cgi?id=2241924",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178",
"https://errata.almalinux.org/8/ALSA-2023-7549.html",
"https://errata.rockylinux.org/RLSA-2023:7549",
"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3",
"https://linux.oracle.com/cve/CVE-2022-45884.html",
"https://linux.oracle.com/errata/ELSA-2023-7549.html",
"https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/",
"https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/",
"https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/",
"https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/",
"https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-45884",
"https://security.netapp.com/advisory/ntap-20230113-0006/",
"https://www.cve.org/CVERecord?id=CVE-2022-45884"
],
"PublishedDate": "2022-11-25T04:15:09.18Z",
"LastModifiedDate": "2024-03-25T01:15:52.84Z"
},
{
"VulnerabilityID": "CVE-2022-45885",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45885",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: use-after-free due to race condition occurring in dvb_frontend.c",
"Description": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.",
"Severity": "LOW",
"CweIDs": [
"CWE-362",
"CWE-416"
],
"VendorSeverity": {
"cbl-mariner": 3,
"nvd": 3,
"oracle-oval": 3,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-45885",
"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f",
"https://linux.oracle.com/cve/CVE-2022-45885.html",
"https://linux.oracle.com/errata/ELSA-2023-12207.html",
"https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/",
"https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/",
"https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel%40gmail.com/",
"https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel@gmail.com/",
"https://lore.kernel.org/linux-media/20221117045925.14297-2-imv4bel@gmail.com/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-45885",
"https://security.netapp.com/advisory/ntap-20230113-0006/",
"https://www.cve.org/CVERecord?id=CVE-2022-45885"
],
"PublishedDate": "2022-11-25T04:15:09.23Z",
"LastModifiedDate": "2024-03-25T01:15:52.953Z"
},
{
"VulnerabilityID": "CVE-2022-45888",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45888",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: use-after-free due to race condition in drivers/char/xillybus/xillyusb.c",
"Description": "An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.",
"Severity": "LOW",
"CweIDs": [
"CWE-362",
"CWE-416"
],
"VendorSeverity": {
"cbl-mariner": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 6.4
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 6.4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-45888",
"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=282a4b71816b6076029017a7bab3a9dcee12a920",
"https://lore.kernel.org/all/20221022175404.GA375335%40ubuntu/",
"https://lore.kernel.org/all/20221022175404.GA375335@ubuntu/",
"https://nvd.nist.gov/vuln/detail/CVE-2022-45888",
"https://security.netapp.com/advisory/ntap-20230113-0006/",
"https://www.cve.org/CVERecord?id=CVE-2022-45888"
],
"PublishedDate": "2022-11-25T04:15:09.36Z",
"LastModifiedDate": "2024-03-25T01:15:53.18Z"
},
{
"VulnerabilityID": "CVE-2023-1989",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1989",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: Use after free bug in btsdio_remove due to race condition",
"Description": "A use-after-free flaw was found in btsdio_remove in drivers\\bluetooth\\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.",
"Severity": "LOW",
"CweIDs": [
"CWE-416"
],
"VendorSeverity": {
"alma": 3,
"cbl-mariner": 3,
"nvd": 3,
"oracle-oval": 3,
"photon": 3,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2023:7077",
"https://access.redhat.com/security/cve/CVE-2023-1989",
"https://bugzilla.redhat.com/2024989",
"https://bugzilla.redhat.com/2073091",
"https://bugzilla.redhat.com/2133453",
"https://bugzilla.redhat.com/2133455",
"https://bugzilla.redhat.com/2139610",
"https://bugzilla.redhat.com/2147356",
"https://bugzilla.redhat.com/2148520",
"https://bugzilla.redhat.com/2149024",
"https://bugzilla.redhat.com/2151317",
"https://bugzilla.redhat.com/2156322",
"https://bugzilla.redhat.com/2165741",
"https://bugzilla.redhat.com/2165926",
"https://bugzilla.redhat.com/2168332",
"https://bugzilla.redhat.com/2173403",
"https://bugzilla.redhat.com/2173430",
"https://bugzilla.redhat.com/2173434",
"https://bugzilla.redhat.com/2173444",
"https://bugzilla.redhat.com/2174400",
"https://bugzilla.redhat.com/2175903",
"https://bugzilla.redhat.com/2176140",
"https://bugzilla.redhat.com/2177371",
"https://bugzilla.redhat.com/2177389",
"https://bugzilla.redhat.com/2181330",
"https://bugzilla.redhat.com/2182443",
"https://bugzilla.redhat.com/2184578",
"https://bugzilla.redhat.com/2185945",
"https://bugzilla.redhat.com/2187257",
"https://bugzilla.redhat.com/2188468",
"https://bugzilla.redhat.com/2192667",
"https://bugzilla.redhat.com/2192671",
"https://bugzilla.redhat.com/2193097",
"https://bugzilla.redhat.com/2193219",
"https://bugzilla.redhat.com/2213139",
"https://bugzilla.redhat.com/2213199",
"https://bugzilla.redhat.com/2213485",
"https://bugzilla.redhat.com/2213802",
"https://bugzilla.redhat.com/2214348",
"https://bugzilla.redhat.com/2215502",
"https://bugzilla.redhat.com/2215835",
"https://bugzilla.redhat.com/2215836",
"https://bugzilla.redhat.com/2215837",
"https://bugzilla.redhat.com/2218195",
"https://bugzilla.redhat.com/2218212",
"https://bugzilla.redhat.com/2218943",
"https://bugzilla.redhat.com/2221707",
"https://bugzilla.redhat.com/2223949",
"https://bugzilla.redhat.com/2225191",
"https://bugzilla.redhat.com/2225201",
"https://bugzilla.redhat.com/2225511",
"https://bugzilla.redhat.com/2236982",
"https://errata.almalinux.org/8/ALSA-2023-7077.html",
"https://git.kernel.org/linus/1e9ac114c4428fdb7ff4635b45d4f46017e8916f (6.3-rc4)",
"https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088",
"https://linux.oracle.com/cve/CVE-2023-1989.html",
"https://linux.oracle.com/errata/ELSA-2023-7077.html",
"https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html",
"https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
"https://nvd.nist.gov/vuln/detail/CVE-2023-1989",
"https://security.netapp.com/advisory/ntap-20230601-0004/",
"https://ubuntu.com/security/notices/USN-6033-1",
"https://ubuntu.com/security/notices/USN-6175-1",
"https://ubuntu.com/security/notices/USN-6186-1",
"https://www.cve.org/CVERecord?id=CVE-2023-1989",
"https://www.debian.org/security/2023/dsa-5492"
],
"PublishedDate": "2023-04-11T21:15:15.503Z",
"LastModifiedDate": "2024-01-11T19:15:09.05Z"
},
{
"VulnerabilityID": "CVE-2023-33053",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-33053",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Description": "Memory corruption in Kernel while parsing metadata.",
"Severity": "LOW",
"CweIDs": [
"CWE-129"
],
"VendorSeverity": {
"nvd": 3,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
}
},
"References": [
"https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e",
"https://www.cve.org/CVERecord?id=CVE-2023-33053",
"https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin"
],
"PublishedDate": "2023-12-05T03:15:11.707Z",
"LastModifiedDate": "2024-04-12T16:15:18.403Z"
},
{
"VulnerabilityID": "CVE-2023-4010",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4010",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()",
"Description": "A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.",
"Severity": "LOW",
"CweIDs": [
"CWE-835"
],
"VendorSeverity": {
"nvd": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.6
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.6
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-4010",
"https://bugzilla.redhat.com/show_bug.cgi?id=2227726",
"https://github.com/wanrenmi/a-usb-kernel-bug",
"https://github.com/wanrenmi/a-usb-kernel-bug/issues/1",
"https://nvd.nist.gov/vuln/detail/CVE-2023-4010",
"https://www.cve.org/CVERecord?id=CVE-2023-4010"
],
"PublishedDate": "2023-07-31T17:15:10.277Z",
"LastModifiedDate": "2023-11-07T04:22:02.797Z"
},
{
"VulnerabilityID": "CVE-2023-4133",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4133",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: cxgb4: use-after-free in ch_flower_stats_cb()",
"Description": "A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.",
"Severity": "LOW",
"CweIDs": [
"CWE-416"
],
"VendorSeverity": {
"nvd": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-4133",
"https://bugzilla.redhat.com/show_bug.cgi?id=2221702",
"https://git.kernel.org/linus/e50b9b9e8610d47b7c22529443e45a16b1ea3a15 (6.3)",
"https://nvd.nist.gov/vuln/detail/CVE-2023-4133",
"https://www.cve.org/CVERecord?id=CVE-2023-4133"
],
"PublishedDate": "2023-08-03T15:15:33.94Z",
"LastModifiedDate": "2023-11-07T04:22:09.803Z"
},
{
"VulnerabilityID": "CVE-2023-47233",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47233",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: Use after free in brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c",
"Description": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.",
"Severity": "LOW",
"CweIDs": [
"CWE-416"
],
"VendorSeverity": {
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 4.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-47233",
"https://bugzilla.suse.com/show_bug.cgi?id=1216702",
"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f7352557a35ab7888bc7831411ec8a3cbe20d78",
"https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz%40163.com/",
"https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz@163.com/",
"https://marc.info/?l=linux-kernel\u0026m=169907678011243\u0026w=2",
"https://nvd.nist.gov/vuln/detail/CVE-2023-47233",
"https://www.cve.org/CVERecord?id=CVE-2023-47233"
],
"PublishedDate": "2023-11-03T21:15:17.36Z",
"LastModifiedDate": "2024-03-25T01:15:54.803Z"
},
{
"VulnerabilityID": "CVE-2024-0564",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0564",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication",
"Description": "A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is \"max page sharing=256\", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's \"max page share\". Through these operations, the attacker can leak the victim's page.",
"Severity": "LOW",
"CweIDs": [
"CWE-203"
],
"VendorSeverity": {
"nvd": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-0564",
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513",
"https://bugzilla.redhat.com/show_bug.cgi?id=2258514",
"https://link.springer.com/conference/wisa",
"https://nvd.nist.gov/vuln/detail/CVE-2024-0564",
"https://wisa.or.kr/accepted",
"https://www.cve.org/CVERecord?id=CVE-2024-0564"
],
"PublishedDate": "2024-01-30T15:15:08.687Z",
"LastModifiedDate": "2024-02-08T16:36:48.837Z"
},
{
"VulnerabilityID": "CVE-2024-23849",
"PkgID": "linux-libc-dev@5.15.0-102.112",
"PkgName": "linux-libc-dev",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-102.112?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.15.0-102.112",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-23849",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "kernel: off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access",
"Description": "In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.",
"Severity": "LOW",
"CweIDs": [
"CWE-193"
],
"VendorSeverity": {
"amazon": 3,
"cbl-mariner": 2,
"nvd": 2,
"photon": 2,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"V3Score": 7.1
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-23849",
"https://bugzilla.suse.com/show_bug.cgi?id=1219127",
"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13e788deb7348cc88df34bed736c3b3b9927ea52",
"https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=13e788deb734",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBVHM4LGMFIHBN4UBESYRFMYX3WUICV5/",
"https://lore.kernel.org/netdev/1705715319-19199-1-git-send-email-sharath.srinivasan%40oracle.com/",
"https://lore.kernel.org/netdev/CALGdzuoVdq-wtQ4Az9iottBqC5cv9ZhcE5q8N7LfYFvkRsOVcw%40mail.gmail.com",
"https://nvd.nist.gov/vuln/detail/CVE-2024-23849",
"https://ubuntu.com/security/notices/USN-6688-1",
"https://www.cve.org/CVERecord?id=CVE-2024-23849"
],
"PublishedDate": "2024-01-23T09:15:36.05Z",
"LastModifiedDate": "2024-03-25T01:15:55.107Z"
},
{
"VulnerabilityID": "CVE-2023-29383",
"PkgID": "login@1:4.8.1-2ubuntu2.2",
"PkgName": "login",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/login@4.8.1-2ubuntu2.2?arch=arm64\u0026distro=ubuntu-22.04\u0026epoch=1"
},
"InstalledVersion": "1:4.8.1-2ubuntu2.2",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29383",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Improper input validation in shadow-utils package utility chfn",
"Description": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.",
"Severity": "LOW",
"CweIDs": [
"CWE-74"
],
"VendorSeverity": {
"nvd": 1,
"photon": 1,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-29383",
"https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d",
"https://github.com/shadow-maint/shadow/pull/687",
"https://nvd.nist.gov/vuln/detail/CVE-2023-29383",
"https://www.cve.org/CVERecord?id=CVE-2023-29383",
"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/",
"https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797"
],
"PublishedDate": "2023-04-14T22:15:07.68Z",
"LastModifiedDate": "2023-04-24T18:05:30.313Z"
},
{
"VulnerabilityID": "CVE-2023-45918",
"PkgID": "ncurses-base@6.3-2ubuntu0.1",
"PkgName": "ncurses-base",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/ncurses-base@6.3-2ubuntu0.1?arch=all\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "6.3-2ubuntu0.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45918",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinf ...",
"Description": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.",
"Severity": "LOW",
"VendorSeverity": {
"amazon": 2,
"ubuntu": 1
},
"References": [
"https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html",
"https://security.netapp.com/advisory/ntap-20240315-0006/",
"https://www.cve.org/CVERecord?id=CVE-2023-45918"
],
"PublishedDate": "2024-02-16T22:15:07.88Z",
"LastModifiedDate": "2024-03-15T11:15:08.51Z"
},
{
"VulnerabilityID": "CVE-2023-50495",
"PkgID": "ncurses-base@6.3-2ubuntu0.1",
"PkgName": "ncurses-base",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/ncurses-base@6.3-2ubuntu0.1?arch=all\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "6.3-2ubuntu0.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "ncurses: segmentation fault via _nc_wrap_entry()",
"Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
"Severity": "LOW",
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-50495",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
"https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
"https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
"https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
"https://security.netapp.com/advisory/ntap-20240119-0008/",
"https://ubuntu.com/security/notices/USN-6684-1",
"https://www.cve.org/CVERecord?id=CVE-2023-50495"
],
"PublishedDate": "2023-12-12T15:15:07.867Z",
"LastModifiedDate": "2024-01-31T03:15:08.49Z"
},
{
"VulnerabilityID": "CVE-2023-45918",
"PkgID": "ncurses-bin@6.3-2ubuntu0.1",
"PkgName": "ncurses-bin",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/ncurses-bin@6.3-2ubuntu0.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "6.3-2ubuntu0.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45918",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinf ...",
"Description": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.",
"Severity": "LOW",
"VendorSeverity": {
"amazon": 2,
"ubuntu": 1
},
"References": [
"https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html",
"https://security.netapp.com/advisory/ntap-20240315-0006/",
"https://www.cve.org/CVERecord?id=CVE-2023-45918"
],
"PublishedDate": "2024-02-16T22:15:07.88Z",
"LastModifiedDate": "2024-03-15T11:15:08.51Z"
},
{
"VulnerabilityID": "CVE-2023-50495",
"PkgID": "ncurses-bin@6.3-2ubuntu0.1",
"PkgName": "ncurses-bin",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/ncurses-bin@6.3-2ubuntu0.1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "6.3-2ubuntu0.1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "ncurses: segmentation fault via _nc_wrap_entry()",
"Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
"Severity": "LOW",
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-50495",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
"https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
"https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
"https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
"https://security.netapp.com/advisory/ntap-20240119-0008/",
"https://ubuntu.com/security/notices/USN-6684-1",
"https://www.cve.org/CVERecord?id=CVE-2023-50495"
],
"PublishedDate": "2023-12-12T15:15:07.867Z",
"LastModifiedDate": "2024-01-31T03:15:08.49Z"
},
{
"VulnerabilityID": "CVE-2023-51767",
"PkgID": "openssh-client@1:8.9p1-3ubuntu0.6",
"PkgName": "openssh-client",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/openssh-client@8.9p1-3ubuntu0.6?arch=arm64\u0026distro=ubuntu-22.04\u0026epoch=1"
},
"InstalledVersion": "1:8.9p1-3ubuntu0.6",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-51767",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "openssh: authentication bypass via row hammer attack",
"Description": "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.",
"Severity": "MEDIUM",
"VendorSeverity": {
"cbl-mariner": 3,
"nvd": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-51767",
"https://arxiv.org/abs/2309.02545",
"https://bugzilla.redhat.com/show_bug.cgi?id=2255850",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878",
"https://nvd.nist.gov/vuln/detail/CVE-2023-51767",
"https://security.netapp.com/advisory/ntap-20240125-0006/",
"https://ubuntu.com/security/CVE-2023-51767",
"https://www.cve.org/CVERecord?id=CVE-2023-51767"
],
"PublishedDate": "2023-12-24T07:15:07.41Z",
"LastModifiedDate": "2024-02-27T15:51:55.813Z"
},
{
"VulnerabilityID": "CVE-2023-29383",
"PkgID": "passwd@1:4.8.1-2ubuntu2.2",
"PkgName": "passwd",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/passwd@4.8.1-2ubuntu2.2?arch=arm64\u0026distro=ubuntu-22.04\u0026epoch=1"
},
"InstalledVersion": "1:4.8.1-2ubuntu2.2",
"Status": "affected",
"Layer": {
"DiffID": "sha256:98e1bc7256b3258078fc20c212ef0791298ce15019cb27c241a5e69e6409ecb2"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29383",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Improper input validation in shadow-utils package utility chfn",
"Description": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.",
"Severity": "LOW",
"CweIDs": [
"CWE-74"
],
"VendorSeverity": {
"nvd": 1,
"photon": 1,
"redhat": 2,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 3.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-29383",
"https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d",
"https://github.com/shadow-maint/shadow/pull/687",
"https://nvd.nist.gov/vuln/detail/CVE-2023-29383",
"https://www.cve.org/CVERecord?id=CVE-2023-29383",
"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/",
"https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797"
],
"PublishedDate": "2023-04-14T22:15:07.68Z",
"LastModifiedDate": "2023-04-24T18:05:30.313Z"
},
{
"VulnerabilityID": "CVE-2018-6952",
"PkgID": "patch@2.7.6-7build2",
"PkgName": "patch",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/patch@2.7.6-7build2?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.7.6-7build2",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "patch: Double free of memory in pch.c:another_hunk() causes a crash",
"Description": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.",
"Severity": "LOW",
"CweIDs": [
"CWE-415"
],
"VendorSeverity": {
"amazon": 3,
"cbl-mariner": 3,
"nvd": 3,
"oracle-oval": 1,
"photon": 3,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"http://www.securityfocus.com/bid/103047",
"https://access.redhat.com/errata/RHSA-2019:2033",
"https://access.redhat.com/security/cve/CVE-2018-6952",
"https://linux.oracle.com/cve/CVE-2018-6952.html",
"https://linux.oracle.com/errata/ELSA-2019-2033.html",
"https://nvd.nist.gov/vuln/detail/CVE-2018-6952",
"https://savannah.gnu.org/bugs/index.php?53133",
"https://security.gentoo.org/glsa/201904-17",
"https://www.cve.org/CVERecord?id=CVE-2018-6952"
],
"PublishedDate": "2018-02-13T19:29:00.573Z",
"LastModifiedDate": "2019-04-17T20:29:01.727Z"
},
{
"VulnerabilityID": "CVE-2021-45261",
"PkgID": "patch@2.7.6-7build2",
"PkgName": "patch",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/patch@2.7.6-7build2?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "2.7.6-7build2",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-45261",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Invalid Pointer via another_hunk function",
"Description": "An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.",
"Severity": "LOW",
"CweIDs": [
"CWE-763"
],
"VendorSeverity": {
"nvd": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2021-45261",
"https://nvd.nist.gov/vuln/detail/CVE-2021-45261",
"https://savannah.gnu.org/bugs/?61685",
"https://www.cve.org/CVERecord?id=CVE-2021-45261"
],
"PublishedDate": "2021-12-22T18:15:08.1Z",
"LastModifiedDate": "2021-12-28T14:24:34.243Z"
},
{
"VulnerabilityID": "CVE-2023-27043",
"PkgID": "python3.10@3.10.12-1~22.04.3",
"PkgName": "python3.10",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "3.10.12-1~22.04.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27043",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple",
"Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-20"
],
"VendorSeverity": {
"alma": 2,
"amazon": 2,
"bitnami": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 2,
"rocky": 2,
"ubuntu": 2
},
"CVSS": {
"bitnami": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
}
},
"References": [
"http://python.org",
"https://access.redhat.com/articles/7051467",
"https://access.redhat.com/errata/RHSA-2024:0466",
"https://access.redhat.com/security/cve/CVE-2023-27043",
"https://bugzilla.redhat.com/2196183",
"https://bugzilla.redhat.com/show_bug.cgi?id=2196183",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27043",
"https://errata.almalinux.org/9/ALSA-2024-0466.html",
"https://errata.rockylinux.org/RLSA-2024:0256",
"https://github.com/python/cpython/issues/102988",
"https://github.com/python/cpython/pull/102990",
"https://github.com/python/cpython/pull/105127",
"https://linux.oracle.com/cve/CVE-2023-27043.html",
"https://linux.oracle.com/errata/ELSA-2024-0466.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-27043",
"https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html",
"https://security.netapp.com/advisory/ntap-20230601-0003/",
"https://www.cve.org/CVERecord?id=CVE-2023-27043"
],
"PublishedDate": "2023-04-19T00:15:07.973Z",
"LastModifiedDate": "2024-02-26T16:27:45.78Z"
},
{
"VulnerabilityID": "CVE-2023-27043",
"PkgID": "python3.10-minimal@3.10.12-1~22.04.3",
"PkgName": "python3.10-minimal",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.3?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "3.10.12-1~22.04.3",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27043",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple",
"Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-20"
],
"VendorSeverity": {
"alma": 2,
"amazon": 2,
"bitnami": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 2,
"rocky": 2,
"ubuntu": 2
},
"CVSS": {
"bitnami": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
}
},
"References": [
"http://python.org",
"https://access.redhat.com/articles/7051467",
"https://access.redhat.com/errata/RHSA-2024:0466",
"https://access.redhat.com/security/cve/CVE-2023-27043",
"https://bugzilla.redhat.com/2196183",
"https://bugzilla.redhat.com/show_bug.cgi?id=2196183",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27043",
"https://errata.almalinux.org/9/ALSA-2024-0466.html",
"https://errata.rockylinux.org/RLSA-2024:0256",
"https://github.com/python/cpython/issues/102988",
"https://github.com/python/cpython/pull/102990",
"https://github.com/python/cpython/pull/105127",
"https://linux.oracle.com/cve/CVE-2023-27043.html",
"https://linux.oracle.com/errata/ELSA-2024-0466.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-27043",
"https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html",
"https://security.netapp.com/advisory/ntap-20230601-0003/",
"https://www.cve.org/CVERecord?id=CVE-2023-27043"
],
"PublishedDate": "2023-04-19T00:15:07.973Z",
"LastModifiedDate": "2024-02-26T16:27:45.78Z"
},
{
"VulnerabilityID": "CVE-2020-22916",
"PkgID": "xz-utils@5.2.5-2ubuntu1",
"PkgName": "xz-utils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/xz-utils@5.2.5-2ubuntu1?arch=arm64\u0026distro=ubuntu-22.04"
},
"InstalledVersion": "5.2.5-2ubuntu1",
"Status": "affected",
"Layer": {
"DiffID": "sha256:242975a7f6eaaa7f9d742a426739d645777f5b1bf66427a88b5f9781ed87f825"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-22916",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "Denial of service via decompression of crafted file",
"Description": "An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of \"endless output\" and \"denial of service\" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.",
"Severity": "MEDIUM",
"VendorSeverity": {
"nvd": 2,
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"http://web.archive.org/web/20230918084612/https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability",
"https://access.redhat.com/security/cve/CVE-2020-22916",
"https://bugzilla.redhat.com/show_bug.cgi?id=2234987",
"https://bugzilla.suse.com/show_bug.cgi?id=1214590",
"https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability",
"https://github.com/tukaani-project/xz/issues/61",
"https://nvd.nist.gov/vuln/detail/CVE-2020-22916",
"https://security-tracker.debian.org/tracker/CVE-2020-22916",
"https://tukaani.org/xz/",
"https://www.cve.org/CVERecord?id=CVE-2020-22916"
],
"PublishedDate": "2023-08-22T19:16:19.407Z",
"LastModifiedDate": "2024-04-11T01:07:48.443Z"
}
]
},
{
"Target": "/app/.build/checkouts/realm-core/certificate-authority/root-ca/key.pem",
"Class": "secret",
"Secrets": [
{
"RuleID": "private-key",
"Category": "AsymmetricPrivateKey",
"Severity": "HIGH",
"Title": "Asymmetric Private Key",
"StartLine": 1,
"EndLine": 1,
"Code": {
"Lines": [
{
"Number": 1,
"Content": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
"FirstCause": true,
"LastCause": true
},
{
"Number": 2,
"Content": "",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"FirstCause": false,
"LastCause": false
}
]
},
"Match": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY",
"Layer": {
"DiffID": "sha256:65e510518204f14354f2f110b31f136789db2cb612a14412bbb90f32e7243be6",
"CreatedBy": "RUN /bin/sh -c swift package resolve # buildkit"
}
}
]
},
{
"Target": "/app/.build/checkouts/realm-core/certificate-authority/signing-ca/key.pem",
"Class": "secret",
"Secrets": [
{
"RuleID": "private-key",
"Category": "AsymmetricPrivateKey",
"Severity": "HIGH",
"Title": "Asymmetric Private Key",
"StartLine": 1,
"EndLine": 1,
"Code": {
"Lines": [
{
"Number": 1,
"Content": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
"FirstCause": true,
"LastCause": true
},
{
"Number": 2,
"Content": "",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"FirstCause": false,
"LastCause": false
}
]
},
"Match": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY",
"Layer": {
"DiffID": "sha256:65e510518204f14354f2f110b31f136789db2cb612a14412bbb90f32e7243be6",
"CreatedBy": "RUN /bin/sh -c swift package resolve # buildkit"
}
}
]
},
{
"Target": "/app/.build/checkouts/realm-swift/Realm/ObjectServerTests/certificates/ca-key.pem",
"Class": "secret",
"Secrets": [
{
"RuleID": "private-key",
"Category": "AsymmetricPrivateKey",
"Severity": "HIGH",
"Title": "Asymmetric Private Key",
"StartLine": 1,
"EndLine": 1,
"Code": {
"Lines": [
{
"Number": 1,
"Content": "-----BEGIN RSA PRIVATE KEY-----**********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE KEY-----",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "-----BEGIN RSA PRIVATE KEY-----**********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE KEY-----",
"FirstCause": true,
"LastCause": true
},
{
"Number": 2,
"Content": "",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"FirstCause": false,
"LastCause": false
}
]
},
"Match": "----BEGIN RSA PRIVATE KEY-----**********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE",
"Layer": {
"DiffID": "sha256:65e510518204f14354f2f110b31f136789db2cb612a14412bbb90f32e7243be6",
"CreatedBy": "RUN /bin/sh -c swift package resolve # buildkit"
}
}
]
},
{
"Target": "/app/.build/checkouts/realm-swift/Realm/ObjectServerTests/certificates/localhost-cert-key.pem",
"Class": "secret",
"Secrets": [
{
"RuleID": "private-key",
"Category": "AsymmetricPrivateKey",
"Severity": "HIGH",
"Title": "Asymmetric Private Key",
"StartLine": 1,
"EndLine": 1,
"Code": {
"Lines": [
{
"Number": 1,
"Content": "-----BEGIN RSA PRIVATE KEY-----**********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE KEY-----",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "-----BEGIN RSA PRIVATE KEY-----**********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE KEY-----",
"FirstCause": true,
"LastCause": true
},
{
"Number": 2,
"Content": "",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"FirstCause": false,
"LastCause": false
}
]
},
"Match": "----BEGIN RSA PRIVATE KEY-----**********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE",
"Layer": {
"DiffID": "sha256:65e510518204f14354f2f110b31f136789db2cb612a14412bbb90f32e7243be6",
"CreatedBy": "RUN /bin/sh -c swift package resolve # buildkit"
}
}
]
},
{
"Target": "/app/.build/checkouts/realm-core/certificate-authority/certs/dns-checked-server.key.pem",
"Class": "secret",
"Secrets": [
{
"RuleID": "private-key",
"Category": "AsymmetricPrivateKey",
"Severity": "HIGH",
"Title": "Asymmetric Private Key",
"StartLine": 1,
"EndLine": 1,
"Code": {
"Lines": [
{
"Number": 1,
"Content": "-----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "-----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
"FirstCause": true,
"LastCause": true
},
{
"Number": 2,
"Content": "",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"FirstCause": false,
"LastCause": false
}
]
},
"Match": "-----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY",
"Layer": {
"DiffID": "sha256:65e510518204f14354f2f110b31f136789db2cb612a14412bbb90f32e7243be6",
"CreatedBy": "RUN /bin/sh -c swift package resolve # buildkit"
}
}
]
},
{
"Target": "/app/.build/checkouts/realm-core/certificate-authority/certs/ip-server.key.pem",
"Class": "secret",
"Secrets": [
{
"RuleID": "private-key",
"Category": "AsymmetricPrivateKey",
"Severity": "HIGH",
"Title": "Asymmetric Private Key",
"StartLine": 1,
"EndLine": 1,
"Code": {
"Lines": [
{
"Number": 1,
"Content": "-----BEGIN PRIVATE KEY-----***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "-----BEGIN PRIVATE KEY-----***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
"FirstCause": true,
"LastCause": true
},
{
"Number": 2,
"Content": "",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"FirstCause": false,
"LastCause": false
}
]
},
"Match": "-----BEGIN PRIVATE KEY-----***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY",
"Layer": {
"DiffID": "sha256:65e510518204f14354f2f110b31f136789db2cb612a14412bbb90f32e7243be6",
"CreatedBy": "RUN /bin/sh -c swift package resolve # buildkit"
}
}
]
},
{
"Target": "/app/.build/checkouts/realm-core/certificate-authority/certs/localhost-server.key.pem",
"Class": "secret",
"Secrets": [
{
"RuleID": "private-key",
"Category": "AsymmetricPrivateKey",
"Severity": "HIGH",
"Title": "Asymmetric Private Key",
"StartLine": 1,
"EndLine": 1,
"Code": {
"Lines": [
{
"Number": 1,
"Content": "-----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "-----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
"FirstCause": true,
"LastCause": true
},
{
"Number": 2,
"Content": "",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"FirstCause": false,
"LastCause": false
}
]
},
"Match": "-----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY",
"Layer": {
"DiffID": "sha256:65e510518204f14354f2f110b31f136789db2cb612a14412bbb90f32e7243be6",
"CreatedBy": "RUN /bin/sh -c swift package resolve # buildkit"
}
}
]
}
]
}
Expected Outcomes
-
Examine relevant resources for swift security advisory. -
Add examples of the results found in this spike. -
Create new issues to add the relevant advisories to GLAD.
Edited by Olivier Gonzalez