diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000..5909985 --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,51 @@ +name: "build" +on: [push, pull_request] +env: + TRIVY_VERSION: 0.44.0 + COPA_VERSION: 0.3.0 + BUILDKIT_VERSION: 0.12.0 +permissions: read-all +jobs: + build: + name: build + runs-on: ubuntu-latest + steps: + - name: Setup BATS + uses: mig4/setup-bats@v1 + with: + bats-version: 1.7.0 + + - name: Check out code + uses: actions/checkout@v3.5.3 + + - name: Install Trivy + run: | + curl -fsSL -o trivy.tar.gz https://github.com/aquasecurity/trivy/releases/download/v${{ env.TRIVY_VERSION }}/trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz + tar -zxvf trivy.tar.gz + cp trivy /usr/local/bin/ + + - name: Set up Docker + uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 + + - name: Pull docker.io/library/nginx:1.21.6 + run: docker pull docker.io/library/nginx:1.21.6 + + - name: Install Copa + run: | + curl --retry 5 -fsSL -o copa.tar.gz https://github.com/project-copacetic/copacetic/releases/download/v${{ env.COPA_VERSION }}/copa_${{ env.COPA_VERSION }}_linux_amd64.tar.gz + tar -zxvf copa.tar.gz + cp copa /usr/local/bin/ + + - name: Bats Test + run: | + docker run --net=host --detach --rm --privileged -p 127.0.0.1:8888:8888 --name buildkitd --entrypoint buildkitd moby/buildkit:v${{ env.BUILDKIT_VERSION }} --addr tcp://0.0.0.0:8888 + docker build --build-arg copa_version=${{ env.COPA_VERSION }} -t copa-action . + cd ${{ github.workspace }}/test + docker run --net=host \ + --mount=type=bind,source=$(pwd)/data,target=/data \ + --mount=type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \ + --mount=type=bind,source=$GITHUB_OUTPUT,target=$GITHUB_OUTPUT -e GITHUB_OUTPUT \ + --name=copa-action \ + copa-action 'docker.io/library/nginx:1.21.6' 'nginx.1.21.6.json' '1.21.6-patched' + docker images + bats --print-output-on-failure ./test.bats diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..558d723 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,31 @@ +FROM debian:12-slim + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +# Get copa_version arg +ARG copa_version + +# Copies your code file from your action repository to the filesystem path `/` of the container +COPY entrypoint.sh /entrypoint.sh + +# Install required packages +RUN apt-get update && \ + apt-get install -y tar ca-certificates gnupg curl jq --no-install-recommends && \ + # Import Docker GPG key + install -m 0755 -d /etc/apt/keyrings && \ + curl --retry 5 -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \ + chmod a+r /etc/apt/keyrings/docker.gpg && \ + # Add the Docker repository with the correct key ID + echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ + tee /etc/apt/sources.list.d/docker.list > /dev/null && \ + # Install Docker + apt-get update && \ + apt-get install -y docker-ce docker-ce-cli containerd.io --no-install-recommends + +# Install Copa +RUN curl --retry 5 -fsSL -o copa.tar.gz https://github.com/project-copacetic/copacetic/releases/download/v${copa_version}/copa_${copa_version}_linux_amd64.tar.gz && \ + tar -zxvf copa.tar.gz && \ + cp copa /usr/local/bin/ + +# Code file to execute when the docker container starts up (`entrypoint.sh`) +ENTRYPOINT ["/entrypoint.sh"] diff --git a/README.md b/README.md index 53ce5dd..1767f87 100644 --- a/README.md +++ b/README.md @@ -1 +1,96 @@ -# copa-action \ No newline at end of file +# Copa Action + +This action patches vulnerable containers using [Copa](https://github.com/project-copacetic/copacetic). + +## Inputs + +## `image` + +**Required** The image reference to patch. + +## `image-report` + +**Required** The trivy json vulnerability report of the image to patch. + +## `patched-tag` + +**Required** The new patched image tag. + +## `copa-version` + +**Optional** The Copa version used in the action, default is latest. + +## Output + +## `patched-image` + +Image reference of the resulting patched image. + +## Example usage + +``` +on: [push] + +jobs: + test: + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + # provide relevant list of images to scan on each run + images: ['docker.io/library/nginx:1.21.6', 'docker.io/openpolicyagent/opa:0.46.0', 'docker.io/library/hello-world:latest'] + + steps: + - name: Checkout repository + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v0.1.0 + with: + repository: project-copacetic/copa-action + ref: main + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 + + - name: Generate Trivy Report + uses: aquasecurity/trivy-action@465a07811f14bebb1938fbed4728c6a1ff8901fc + with: + scan-type: 'image' + format: 'json' + output: 'report.json' + ignore-unfixed: true + vuln-type: 'os' + image-ref: ${{ matrix.images }} + + - name: Check Vuln Count + id: vuln_cout + run: | + report_file="report.json" + vuln_count=$(jq '.Results | length' "$report_file") + echo "vuln_count=$vuln_count" >> $GITHUB_OUTPUT + + - name: Copa Action + if: steps.vuln_cout.outputs.vuln_count != '0' + id: copa + uses: project-copacetic/copa-action@v0.1.0 + with: + image: ${{ matrix.images }} + image-report: 'report.json' + patched-tag: 'patched' + buildkit-version: 'v0.11.6' + # optional, default is latest + copa-version: '0.2.0' + + - name: Login to Docker Hub + if: steps.copa.conclusion == 'success' + id: login + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc + with: + username: 'user' + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Docker Push Patched Image + if: steps.login.conclusion == 'success' + run: | + docker push ${{ steps.copa.outputs.patched-image }} + +``` diff --git a/action.yaml b/action.yaml new file mode 100644 index 0000000..e53697b --- /dev/null +++ b/action.yaml @@ -0,0 +1,42 @@ +name: 'Copa Action' +description: 'Patch Vulnerable Images' +inputs: + image: + description: 'The image reference to patch' + required: true + image-report: + description: 'The trivy json report of the image to patch' + required: true + patched-tag: + description: 'The new patched image tag' + required: true + buildkit-version: + description: "Buildkit version to use with Copa" + copa-version: + description: "Copa version to use" +outputs: + patched-image: + description: 'Image reference of patched image' + value: ${{ steps.copa-action.outputs.patched-image }} +runs: + using: "composite" + steps: + - name: docker build copa-action + shell: bash + run: | + if [ -z "${{ inputs.copa-version }}" ]; then + latest_tag=$(curl -s "https://api.github.com/repos/project-copacetic/copacetic/releases/latest" | jq -r '.tag_name') + latest_version="${latest:1}" + else + latest_version=${{ inputs.copa-version }} + fi + docker build --build-arg copa_version=${latest_version} -t copa-action . + - name: docker run buildkitd + shell: bash + run: | + docker run --net=host --detach --rm --privileged -p 127.0.0.1:8888:8888 --name buildkitd --entrypoint buildkitd moby/buildkit:${{ inputs.buildkit-version }} --addr tcp://0.0.0.0:8888 + - name: docker run copa-action + id: copa-action + shell: bash + run : | + docker run --net=host --mount=type=bind,source=$(pwd),target=/data --mount=type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock --mount=type=bind,source=$GITHUB_OUTPUT,target=$GITHUB_OUTPUT -e GITHUB_OUTPUT --name=copa-action copa-action ${{ inputs.image }} ${{ inputs.image-report }} ${{ inputs.patched-tag }} diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100755 index 0000000..27ee6db --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +image=$1 +report=$2 +patched_tag=$3 + +# parse image into image name +image_no_tag=$(echo "$image" | cut -d':' -f1) + +# run copa to patch image +if copa patch -i "$image" -r ./data/"$report" -t "$patched_tag" --addr tcp://127.0.0.1:8888; +then + patched_image="$image_no_tag:$patched_tag" + echo "patched-image=$patched_image" >> "$GITHUB_OUTPUT" +else + echo "Error patching image $image with copa" + exit 1 +fi diff --git a/test/data/nginx.1.21.6.json b/test/data/nginx.1.21.6.json new file mode 100644 index 0000000..312a595 --- /dev/null +++ b/test/data/nginx.1.21.6.json @@ -0,0 +1,8900 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "docker.io/library/nginx:1.21.6", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "debian", + "Name": "11.3" + }, + "ImageID": "sha256:0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d", + "DiffIDs": [ + "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be", + "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665", + "sha256:53ae81198b641f2911dfc469313edde2fe690bf230efaa823a4aa836d08336e0", + "sha256:57d3fc88cb3f95fe3daac8591dabe1c161af0fcfd4cf099aa3f994c888ac7877", + "sha256:747b7a567071ddb822a072c4dadc2ef50ef6d1bf35ce477e9a559f1df1b7c571", + "sha256:33e3df466e11254954ba3b06301c93c066a1f699e2ddd80f0214340236d57935" + ], + "RepoTags": [ + "nginx:1.21.6", + "ghcr.io/copa-action/nginx:1.21.6" + ], + "RepoDigests": [ + "nginx@sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "0a702bec7d2ceb935c6501ae3dfc1ab850f9ea46b9296eb1323b2b826595f954", + "created": "2022-05-28T05:41:03.228946845Z", + "docker_version": "20.10.12", + "history": [ + { + "created": "2022-05-28T01:20:23Z", + "created_by": "/bin/sh -c #(nop) ADD file:134f25aec8adf83cb940ba073a3409ca85dbb5ae592b704f95193e7d2539a3bc in / " + }, + { + "created": "2022-05-28T01:20:23Z", + "created_by": "/bin/sh -c #(nop) CMD [\"bash\"]", + "empty_layer": true + }, + { + "created": "2022-05-28T05:40:43Z", + "created_by": "/bin/sh -c #(nop) LABEL maintainer=NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e", + "empty_layer": true + }, + { + "created": "2022-05-28T05:40:43Z", + "created_by": "/bin/sh -c #(nop) ENV NGINX_VERSION=1.21.6", + "empty_layer": true + }, + { + "created": "2022-05-28T05:40:44Z", + "created_by": "/bin/sh -c #(nop) ENV NJS_VERSION=0.7.3", + "empty_layer": true + }, + { + "created": "2022-05-28T05:40:44Z", + "created_by": "/bin/sh -c #(nop) ENV PKG_RELEASE=1~bullseye", + "empty_layer": true + }, + { + "created": "2022-05-28T05:41:02Z", + "created_by": "/bin/sh -c set -x \u0026\u0026 addgroup --system --gid 101 nginx \u0026\u0026 adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos \"nginx user\" --shell /bin/false --uid 101 nginx \u0026\u0026 apt-get update \u0026\u0026 apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \u0026\u0026 NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; found=''; for server in hkp://keyserver.ubuntu.com:80 pgp.mit.edu ; do echo \"Fetching GPG key $NGINX_GPGKEY from $server\"; apt-key adv --keyserver \"$server\" --keyserver-options timeout=10 --recv-keys \"$NGINX_GPGKEY\" \u0026\u0026 found=yes \u0026\u0026 break; done; test -z \"$found\" \u0026\u0026 echo \u003e\u00262 \"error: failed to fetch GPG key $NGINX_GPGKEY\" \u0026\u0026 exit 1; apt-get remove --purge --auto-remove -y gnupg1 \u0026\u0026 rm -rf /var/lib/apt/lists/* \u0026\u0026 dpkgArch=\"$(dpkg --print-architecture)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \" \u0026\u0026 case \"$dpkgArch\" in amd64|arm64) echo \"deb https://nginx.org/packages/mainline/debian/ bullseye nginx\" \u003e\u003e /etc/apt/sources.list.d/nginx.list \u0026\u0026 apt-get update ;; *) echo \"deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx\" \u003e\u003e /etc/apt/sources.list.d/nginx.list \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chmod 777 \"$tempDir\" \u0026\u0026 savedAptMark=\"$(apt-mark showmanual)\" \u0026\u0026 apt-get update \u0026\u0026 apt-get build-dep -y $nginxPackages \u0026\u0026 ( cd \"$tempDir\" \u0026\u0026 DEB_BUILD_OPTIONS=\"nocheck parallel=$(nproc)\" apt-get source --compile $nginxPackages ) \u0026\u0026 apt-mark showmanual | xargs apt-mark auto \u003e /dev/null \u0026\u0026 { [ -z \"$savedAptMark\" ] || apt-mark manual $savedAptMark; } \u0026\u0026 ls -lAFh \"$tempDir\" \u0026\u0026 ( cd \"$tempDir\" \u0026\u0026 dpkg-scanpackages . \u003e Packages ) \u0026\u0026 grep '^Package: ' \"$tempDir/Packages\" \u0026\u0026 echo \"deb [ trusted=yes ] file://$tempDir ./\" \u003e /etc/apt/sources.list.d/temp.list \u0026\u0026 apt-get -o Acquire::GzipIndexes=false update ;; esac \u0026\u0026 apt-get install --no-install-recommends --no-install-suggests -y $nginxPackages gettext-base curl \u0026\u0026 apt-get remove --purge --auto-remove -y \u0026\u0026 rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \u0026\u0026 if [ -n \"$tempDir\" ]; then apt-get purge -y --auto-remove \u0026\u0026 rm -rf \"$tempDir\" /etc/apt/sources.list.d/temp.list; fi \u0026\u0026 ln -sf /dev/stdout /var/log/nginx/access.log \u0026\u0026 ln -sf /dev/stderr /var/log/nginx/error.log \u0026\u0026 mkdir /docker-entrypoint.d" + }, + { + "created": "2022-05-28T05:41:02Z", + "created_by": "/bin/sh -c #(nop) COPY file:65504f71f5855ca017fb64d502ce873a31b2e0decd75297a8fb0a287f97acf92 in / " + }, + { + "created": "2022-05-28T05:41:02Z", + "created_by": "/bin/sh -c #(nop) COPY file:0b866ff3fc1ef5b03c4e6c8c513ae014f691fb05d530257dfffd07035c1b75da in /docker-entrypoint.d " + }, + { + "created": "2022-05-28T05:41:02Z", + "created_by": "/bin/sh -c #(nop) COPY file:0fd5fca330dcd6a7de297435e32af634f29f7132ed0550d342cad9fd20158258 in /docker-entrypoint.d " + }, + { + "created": "2022-05-28T05:41:02Z", + "created_by": "/bin/sh -c #(nop) COPY file:09a214a3e07c919af2fb2d7c749ccbc446b8c10eb217366e5a65640ee9edcc25 in /docker-entrypoint.d " + }, + { + "created": "2022-05-28T05:41:02Z", + "created_by": "/bin/sh -c #(nop) ENTRYPOINT [\"/docker-entrypoint.sh\"]", + "empty_layer": true + }, + { + "created": "2022-05-28T05:41:03Z", + "created_by": "/bin/sh -c #(nop) EXPOSE 80", + "empty_layer": true + }, + { + "created": "2022-05-28T05:41:03Z", + "created_by": "/bin/sh -c #(nop) STOPSIGNAL SIGQUIT", + "empty_layer": true + }, + { + "created": "2022-05-28T05:41:03Z", + "created_by": "/bin/sh -c #(nop) CMD [\"nginx\" \"-g\" \"daemon off;\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be", + "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665", + "sha256:53ae81198b641f2911dfc469313edde2fe690bf230efaa823a4aa836d08336e0", + "sha256:57d3fc88cb3f95fe3daac8591dabe1c161af0fcfd4cf099aa3f994c888ac7877", + "sha256:747b7a567071ddb822a072c4dadc2ef50ef6d1bf35ce477e9a559f1df1b7c571", + "sha256:33e3df466e11254954ba3b06301c93c066a1f699e2ddd80f0214340236d57935" + ] + }, + "config": { + "Cmd": [ + "nginx", + "-g", + "daemon off;" + ], + "Entrypoint": [ + "/docker-entrypoint.sh" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "NGINX_VERSION=1.21.6", + "NJS_VERSION=0.7.3", + "PKG_RELEASE=1~bullseye" + ], + "Image": "sha256:84a2e27303200422deb89ae538dbbc442ac0ffa72c7be4d6f1d3b4bd32dcd451", + "Labels": { + "maintainer": "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e" + }, + "StopSignal": "SIGQUIT" + } + } + }, + "Results": [ + { + "Target": "docker.io/library/nginx:1.21.6 (debian 11.3)", + "Class": "os-pkgs", + "Type": "debian", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2021-22945", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22945", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: use-after-free and double-free in MQTT sending", + "Description": "When sending data to an MQTT server, libcurl \u003c= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 5.8, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Mar/29", + "https://access.redhat.com/security/cve/CVE-2021-22945", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://curl.se/docs/CVE-2021-22945.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945", + "https://hackerone.com/reports/1269242", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22945", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20211029-0003/", + "https://support.apple.com/kb/HT213183", + "https://ubuntu.com/security/notices/USN-5079-1", + "https://www.cve.org/CVERecord?id=CVE-2021-22945", + "https://www.debian.org/security/2022/dsa-5197", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-09-23T13:15:00Z", + "LastModifiedDate": "2022-12-22T20:21:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32207", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32207", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Unpreserved file permissions", + "Description": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-276" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://access.redhat.com/errata/RHSA-2022:6157", + "https://access.redhat.com/security/cve/CVE-2022-32207", + "https://bugzilla.redhat.com/2099300", + "https://bugzilla.redhat.com/2099305", + "https://bugzilla.redhat.com/2099306", + "https://curl.se/docs/CVE-2022-32207.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207", + "https://errata.almalinux.org/9/ALSA-2022-6157.html", + "https://hackerone.com/reports/1573634", + "https://linux.oracle.com/cve/CVE-2022-32207.html", + "https://linux.oracle.com/errata/ELSA-2022-6157.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32207", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220915-0003/", + "https://support.apple.com/kb/HT213488", + "https://ubuntu.com/security/notices/USN-5495-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32207", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-07-07T13:15:00Z", + "LastModifiedDate": "2023-03-28T17:55:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32221", + "VendorIDs": [ + "DSA-5330-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u5", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32221", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "POST following PUT confusion", + "Description": "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-668" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Jan/19", + "http://seclists.org/fulldisclosure/2023/Jan/20", + "http://www.openwall.com/lists/oss-security/2023/05/17/4", + "https://access.redhat.com/errata/RHSA-2023:0333", + "https://access.redhat.com/security/cve/CVE-2022-32221", + "https://bugzilla.redhat.com/2135411", + "https://bugzilla.redhat.com/show_bug.cgi?id=2135411", + "https://curl.se/docs/CVE-2022-32221.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221", + "https://errata.almalinux.org/9/ALSA-2023-0333.html", + "https://errata.rockylinux.org/RLSA-2023:0333", + "https://hackerone.com/reports/1704017", + "https://linux.oracle.com/cve/CVE-2022-32221.html", + "https://linux.oracle.com/errata/ELSA-2023-0333.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32221", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20230110-0006/", + "https://security.netapp.com/advisory/ntap-20230208-0002/", + "https://support.apple.com/kb/HT213604", + "https://support.apple.com/kb/HT213605", + "https://ubuntu.com/security/notices/USN-5702-1", + "https://ubuntu.com/security/notices/USN-5702-2", + "https://ubuntu.com/security/notices/USN-5823-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32221", + "https://www.debian.org/security/2023/dsa-5330" + ], + "PublishedDate": "2022-12-05T22:15:00Z", + "LastModifiedDate": "2023-05-17T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22946", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22946", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols", + "Description": "A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-319" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Mar/29", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22947.json", + "https://access.redhat.com/security/cve/CVE-2021-22946", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://curl.se/docs/CVE-2021-22946.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946", + "https://hackerone.com/reports/1334111", + "https://linux.oracle.com/cve/CVE-2021-22946.html", + "https://linux.oracle.com/errata/ELSA-2021-4059.html", + "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22946", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20211029-0003/", + "https://security.netapp.com/advisory/ntap-20220121-0008/", + "https://support.apple.com/kb/HT213183", + "https://ubuntu.com/security/notices/USN-5079-1", + "https://ubuntu.com/security/notices/USN-5079-2", + "https://www.cve.org/CVERecord?id=CVE-2021-22946", + "https://www.debian.org/security/2022/dsa-5197", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-09-29T20:15:00Z", + "LastModifiedDate": "2023-01-05T18:24:00Z" + }, + { + "VulnerabilityID": "CVE-2022-22576", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22576", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: OAUTH2 bearer bypass in connection re-use", + "Description": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-306" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 5.5, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:5313", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json", + "https://access.redhat.com/security/cve/CVE-2022-22576", + "https://bugzilla.redhat.com/2077541", + "https://bugzilla.redhat.com/2077547", + "https://bugzilla.redhat.com/2078408", + "https://bugzilla.redhat.com/2082215", + "https://curl.se/docs/CVE-2022-22576.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576", + "https://errata.almalinux.org/8/ALSA-2022-5313.html", + "https://hackerone.com/reports/1526328", + "https://linux.oracle.com/cve/CVE-2022-22576.html", + "https://linux.oracle.com/errata/ELSA-2022-5313.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-22576", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0008/", + "https://ubuntu.com/security/notices/USN-5397-1", + "https://www.cve.org/CVERecord?id=CVE-2022-22576", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-05-26T17:15:00Z", + "LastModifiedDate": "2023-07-24T13:31:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27775", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27775", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: bad local IPv6 connection reuse", + "Description": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", + "Severity": "HIGH", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8299", + "https://access.redhat.com/security/cve/CVE-2022-27775", + "https://bugzilla.redhat.com/2078388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2078388", + "https://curl.se/docs/CVE-2022-27775.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775", + "https://errata.almalinux.org/9/ALSA-2022-8299.html", + "https://errata.rockylinux.org/RLSA-2022:8299", + "https://hackerone.com/reports/1546268", + "https://linux.oracle.com/cve/CVE-2022-27775.html", + "https://linux.oracle.com/errata/ELSA-2022-8299.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27775", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0008/", + "https://ubuntu.com/security/notices/USN-5397-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27775", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-06-02T14:15:00Z", + "LastModifiedDate": "2023-01-05T18:08:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27781", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27781", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "CERTINFO never-ending busy-loop", + "Description": "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-27781", + "https://curl.se/docs/CVE-2022-27781.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781", + "https://github.com/curl/curl/commit/f6c335d63f", + "https://hackerone.com/reports/1555441", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27781", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0009/", + "https://ubuntu.com/security/notices/USN-5412-1", + "https://ubuntu.com/security/notices/USN-5499-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27781", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-06-02T14:15:00Z", + "LastModifiedDate": "2023-01-05T17:54:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27782", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27782", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "TLS and SSH connection too eager reuse", + "Description": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/03/20/6", + "https://access.redhat.com/errata/RHSA-2022:5313", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json", + "https://access.redhat.com/security/cve/CVE-2022-27782", + "https://bugzilla.redhat.com/2077541", + "https://bugzilla.redhat.com/2077547", + "https://bugzilla.redhat.com/2078408", + "https://bugzilla.redhat.com/2082215", + "https://curl.se/docs/CVE-2022-27782.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782", + "https://errata.almalinux.org/8/ALSA-2022-5313.html", + "https://hackerone.com/reports/1555796", + "https://linux.oracle.com/cve/CVE-2022-27782.html", + "https://linux.oracle.com/errata/ELSA-2022-5313.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27782", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0009/", + "https://ubuntu.com/security/notices/USN-5412-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27782", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-06-02T14:15:00Z", + "LastModifiedDate": "2023-03-20T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22947", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22947", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: Server responses received before STARTTLS processed after TLS handshake", + "Description": "When curl \u003e= 7.20.0 and \u003c= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-345" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Mar/29", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22947.json", + "https://access.redhat.com/security/cve/CVE-2021-22947", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://curl.se/docs/CVE-2021-22947.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947", + "https://hackerone.com/reports/1334763", + "https://launchpad.net/bugs/1944120 (regression bug)", + "https://linux.oracle.com/cve/CVE-2021-22947.html", + "https://linux.oracle.com/errata/ELSA-2021-4059.html", + "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22947", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20211029-0003/", + "https://support.apple.com/kb/HT213183", + "https://ubuntu.com/security/notices/USN-5079-1", + "https://ubuntu.com/security/notices/USN-5079-2", + "https://ubuntu.com/security/notices/USN-5079-3", + "https://ubuntu.com/security/notices/USN-5079-4", + "https://www.cve.org/CVERecord?id=CVE-2021-22947", + "https://www.debian.org/security/2022/dsa-5197", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-09-29T20:15:00Z", + "LastModifiedDate": "2023-01-05T18:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27774", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27774", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: credential leak on redirect", + "Description": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-522" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 3.5, + "V3Score": 5.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:5313", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json", + "https://access.redhat.com/security/cve/CVE-2022-27774", + "https://bugzilla.redhat.com/2077541", + "https://bugzilla.redhat.com/2077547", + "https://bugzilla.redhat.com/2078408", + "https://bugzilla.redhat.com/2082215", + "https://curl.se/docs/CVE-2022-27774.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774", + "https://errata.almalinux.org/8/ALSA-2022-5313.html", + "https://hackerone.com/reports/1543773", + "https://linux.oracle.com/cve/CVE-2022-27774.html", + "https://linux.oracle.com/errata/ELSA-2022-5313.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27774", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0008/", + "https://ubuntu.com/security/notices/USN-5397-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27774", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-06-02T14:15:00Z", + "LastModifiedDate": "2023-02-23T17:59:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27776", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27776", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: auth/cookie leak on redirect", + "Description": "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-522" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:5313", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json", + "https://access.redhat.com/security/cve/CVE-2022-27776", + "https://bugzilla.redhat.com/2077541", + "https://bugzilla.redhat.com/2077547", + "https://bugzilla.redhat.com/2078408", + "https://bugzilla.redhat.com/2082215", + "https://curl.se/docs/CVE-2022-27776.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776", + "https://errata.almalinux.org/8/ALSA-2022-5313.html", + "https://hackerone.com/reports/1547048", + "https://linux.oracle.com/cve/CVE-2022-27776.html", + "https://linux.oracle.com/errata/ELSA-2022-5313.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27776", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0008/", + "https://ubuntu.com/security/notices/USN-5397-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27776", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-06-02T14:15:00Z", + "LastModifiedDate": "2023-01-05T18:06:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32205", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32205", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Set-Cookie denial of service", + "Description": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://access.redhat.com/security/cve/CVE-2022-32205", + "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", + "https://curl.se/docs/CVE-2022-32205.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205", + "https://hackerone.com/reports/1569946", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32205", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220915-0003/", + "https://support.apple.com/kb/HT213488", + "https://ubuntu.com/security/notices/USN-5495-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32205", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-07-07T13:15:00Z", + "LastModifiedDate": "2023-01-05T17:46:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32206", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32206", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "HTTP compression denial of service", + "Description": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "http://www.openwall.com/lists/oss-security/2023/02/15/3", + "https://access.redhat.com/errata/RHSA-2022:6157", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json", + "https://access.redhat.com/security/cve/CVE-2022-32206", + "https://bugzilla.redhat.com/2099300", + "https://bugzilla.redhat.com/2099305", + "https://bugzilla.redhat.com/2099306", + "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", + "https://curl.se/docs/CVE-2022-32206.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206", + "https://errata.almalinux.org/9/ALSA-2022-6157.html", + "https://hackerone.com/reports/1570651", + "https://linux.oracle.com/cve/CVE-2022-32206.html", + "https://linux.oracle.com/errata/ELSA-2022-6159.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32206", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220915-0003/", + "https://support.apple.com/kb/HT213488", + "https://ubuntu.com/security/notices/USN-5495-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32206", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-07-07T13:15:00Z", + "LastModifiedDate": "2023-02-15T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32208", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32208", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "FTP-KRB bad message verification", + "Description": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://access.redhat.com/errata/RHSA-2022:6157", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json", + "https://access.redhat.com/security/cve/CVE-2022-32208", + "https://bugzilla.redhat.com/2099300", + "https://bugzilla.redhat.com/2099305", + "https://bugzilla.redhat.com/2099306", + "https://curl.se/docs/CVE-2022-32208.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208", + "https://errata.almalinux.org/9/ALSA-2022-6157.html", + "https://hackerone.com/reports/1590071", + "https://linux.oracle.com/cve/CVE-2022-32208.html", + "https://linux.oracle.com/errata/ELSA-2022-6159.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32208", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220915-0003/", + "https://support.apple.com/kb/HT213488", + "https://ubuntu.com/security/notices/USN-5495-1", + "https://ubuntu.com/security/notices/USN-5499-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32208", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-07-07T13:15:00Z", + "LastModifiedDate": "2023-01-05T17:43:00Z" + }, + { + "VulnerabilityID": "CVE-2022-43552", + "VendorIDs": [ + "DSA-5330-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u5", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-43552", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Use-after-free triggered by an HTTP proxy deny response", + "Description": "A use after free vulnerability exists in curl \u003c7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Mar/17", + "https://access.redhat.com/errata/RHSA-2023:2478", + "https://access.redhat.com/security/cve/CVE-2022-43552", + "https://bugzilla.redhat.com/2120718", + "https://bugzilla.redhat.com/2152652", + "https://curl.se/docs/CVE-2022-43552.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552", + "https://errata.almalinux.org/9/ALSA-2023-2478.html", + "https://hackerone.com/reports/1764858", + "https://linux.oracle.com/cve/CVE-2022-43552.html", + "https://linux.oracle.com/errata/ELSA-2023-2963.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-43552", + "https://security.netapp.com/advisory/ntap-20230214-0002/", + "https://support.apple.com/kb/HT213670", + "https://ubuntu.com/security/notices/USN-5788-1", + "https://ubuntu.com/security/notices/USN-5894-1", + "https://www.cve.org/CVERecord?id=CVE-2022-43552" + ], + "PublishedDate": "2023-02-09T20:15:00Z", + "LastModifiedDate": "2023-03-28T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-23916", + "VendorIDs": [ + "DSA-5365-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u7", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-23916", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "HTTP multi-header compression denial of service", + "Description": "An allocation of resources without limits or throttling vulnerability exists in curl \u003cv7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:1701", + "https://access.redhat.com/security/cve/CVE-2023-23916", + "https://bugzilla.redhat.com/2167815", + "https://bugzilla.redhat.com/show_bug.cgi?id=2167815", + "https://curl.se/docs/CVE-2023-23916.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23916", + "https://errata.almalinux.org/9/ALSA-2023-1701.html", + "https://errata.rockylinux.org/RLSA-2023:1140", + "https://hackerone.com/reports/1826048", + "https://linux.oracle.com/cve/CVE-2023-23916.html", + "https://linux.oracle.com/errata/ELSA-2023-1701.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-23916", + "https://security.netapp.com/advisory/ntap-20230309-0006/", + "https://ubuntu.com/security/notices/USN-5891-1", + "https://www.cve.org/CVERecord?id=CVE-2023-23916", + "https://www.debian.org/security/2023/dsa-5365" + ], + "PublishedDate": "2023-02-23T20:15:00Z", + "LastModifiedDate": "2023-04-18T16:49:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22898", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22898", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: TELNET stack contents disclosure", + "Description": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.", + "Severity": "LOW", + "CweIDs": [ + "CWE-909" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V2Score": 2.6, + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 3.1 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2021/07/21/4", + "https://access.redhat.com/security/cve/CVE-2021-22898", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://curl.se/docs/CVE-2021-22898.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898", + "https://errata.almalinux.org/8/ALSA-2021-4511.html", + "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde", + "https://hackerone.com/reports/1176461", + "https://linux.oracle.com/cve/CVE-2021-22898.html", + "https://linux.oracle.com/errata/ELSA-2021-4511.html", + "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22898", + "https://ubuntu.com/security/notices/USN-5021-1", + "https://ubuntu.com/security/notices/USN-5021-2", + "https://ubuntu.com/security/notices/USN-5894-1", + "https://www.cve.org/CVERecord?id=CVE-2021-22898", + "https://www.debian.org/security/2022/dsa-5197", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html" + ], + "PublishedDate": "2021-06-11T16:15:00Z", + "LastModifiedDate": "2022-08-30T19:09:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22924", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22924", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: Bad connection reuse due to flawed path name checks", + "Description": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.", + "Severity": "LOW", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-22924", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", + "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf", + "https://curl.se/docs/CVE-2021-22924.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924", + "https://hackerone.com/reports/1223565", + "https://linux.oracle.com/cve/CVE-2021-22924.html", + "https://linux.oracle.com/errata/ELSA-2021-3582.html", + "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22924", + "https://security.netapp.com/advisory/ntap-20210902-0003/", + "https://ubuntu.com/security/notices/USN-5021-1", + "https://www.cve.org/CVERecord?id=CVE-2021-22924", + "https://www.debian.org/security/2022/dsa-5197", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-08-05T21:15:00Z", + "LastModifiedDate": "2022-10-28T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2022-35252", + "PkgID": "curl@7.74.0-1.3+deb11u1", + "PkgName": "curl", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-35252", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Incorrect handling of control code characters in cookies", + "Description": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Jan/20", + "http://seclists.org/fulldisclosure/2023/Jan/21", + "https://access.redhat.com/errata/RHSA-2023:2478", + "https://access.redhat.com/security/cve/CVE-2022-35252", + "https://bugzilla.redhat.com/2120718", + "https://bugzilla.redhat.com/2152652", + "https://curl.se/docs/CVE-2022-35252.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35252", + "https://errata.almalinux.org/9/ALSA-2023-2478.html", + "https://hackerone.com/reports/1613943", + "https://linux.oracle.com/cve/CVE-2022-35252.html", + "https://linux.oracle.com/errata/ELSA-2023-2963.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-35252", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220930-0005/", + "https://support.apple.com/kb/HT213603", + "https://support.apple.com/kb/HT213604", + "https://ubuntu.com/security/notices/USN-5587-1", + "https://www.cve.org/CVERecord?id=CVE-2022-35252", + "https://www.openwall.com/lists/oss-security/2022/08/31/2" + ], + "PublishedDate": "2022-09-23T14:15:00Z", + "LastModifiedDate": "2023-03-01T18:09:00Z" + }, + { + "VulnerabilityID": "CVE-2022-34903", + "VendorIDs": [ + "DSA-5174-1" + ], + "PkgID": "gpgv@2.2.27-2+deb11u1", + "PkgName": "gpgv", + "InstalledVersion": "2.2.27-2+deb11u1", + "FixedVersion": "2.2.27-2+deb11u2", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-34903", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Signature spoofing via status line injection", + "Description": "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "V2Score": 5.8, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2022/07/02/1", + "https://access.redhat.com/errata/RHSA-2022:6602", + "https://access.redhat.com/security/cve/CVE-2022-34903", + "https://bugs.debian.org/1014157", + "https://bugzilla.redhat.com/2102868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2102868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903", + "https://dev.gnupg.org/T6027", + "https://errata.almalinux.org/9/ALSA-2022-6602.html", + "https://errata.rockylinux.org/RLSA-2022:6463", + "https://linux.oracle.com/cve/CVE-2022-34903.html", + "https://linux.oracle.com/errata/ELSA-2022-6602.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-34903", + "https://security.netapp.com/advisory/ntap-20220826-0005/", + "https://ubuntu.com/security/notices/USN-5503-1", + "https://ubuntu.com/security/notices/USN-5503-2", + "https://www.cve.org/CVERecord?id=CVE-2022-34903", + "https://www.debian.org/security/2022/dsa-5174", + "https://www.openwall.com/lists/oss-security/2022/06/30/1" + ], + "PublishedDate": "2022-07-01T22:15:00Z", + "LastModifiedDate": "2022-09-09T20:40:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3999", + "PkgID": "libc-bin@2.31-13+deb11u3", + "PkgName": "libc-bin", + "InstalledVersion": "2.31-13+deb11u3", + "FixedVersion": "2.31-13+deb11u4", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3999", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Off-by-one buffer overflow/underflow in getcwd()", + "Description": "A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-193" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3999.json", + "https://access.redhat.com/security/cve/CVE-2021-3999", + "https://bugzilla.redhat.com/show_bug.cgi?id=2024637", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999", + "https://linux.oracle.com/cve/CVE-2021-3999.html", + "https://linux.oracle.com/errata/ELSA-2022-9234.html", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3999", + "https://security-tracker.debian.org/tracker/CVE-2021-3999", + "https://security.netapp.com/advisory/ntap-20221104-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28769", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e", + "https://ubuntu.com/security/notices/USN-5310-1", + "https://ubuntu.com/security/notices/USN-5310-2", + "https://www.cve.org/CVERecord?id=CVE-2021-3999", + "https://www.openwall.com/lists/oss-security/2022/01/24/4" + ], + "PublishedDate": "2022-08-24T16:15:00Z", + "LastModifiedDate": "2023-02-12T23:43:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3999", + "PkgID": "libc6@2.31-13+deb11u3", + "PkgName": "libc6", + "InstalledVersion": "2.31-13+deb11u3", + "FixedVersion": "2.31-13+deb11u4", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3999", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Off-by-one buffer overflow/underflow in getcwd()", + "Description": "A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-193" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3999.json", + "https://access.redhat.com/security/cve/CVE-2021-3999", + "https://bugzilla.redhat.com/show_bug.cgi?id=2024637", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999", + "https://linux.oracle.com/cve/CVE-2021-3999.html", + "https://linux.oracle.com/errata/ELSA-2022-9234.html", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3999", + "https://security-tracker.debian.org/tracker/CVE-2021-3999", + "https://security.netapp.com/advisory/ntap-20221104-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28769", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e", + "https://ubuntu.com/security/notices/USN-5310-1", + "https://ubuntu.com/security/notices/USN-5310-2", + "https://www.cve.org/CVERecord?id=CVE-2021-3999", + "https://www.openwall.com/lists/oss-security/2022/01/24/4" + ], + "PublishedDate": "2022-08-24T16:15:00Z", + "LastModifiedDate": "2023-02-12T23:43:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22945", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22945", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: use-after-free and double-free in MQTT sending", + "Description": "When sending data to an MQTT server, libcurl \u003c= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 5.8, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Mar/29", + "https://access.redhat.com/security/cve/CVE-2021-22945", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://curl.se/docs/CVE-2021-22945.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945", + "https://hackerone.com/reports/1269242", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22945", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20211029-0003/", + "https://support.apple.com/kb/HT213183", + "https://ubuntu.com/security/notices/USN-5079-1", + "https://www.cve.org/CVERecord?id=CVE-2021-22945", + "https://www.debian.org/security/2022/dsa-5197", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-09-23T13:15:00Z", + "LastModifiedDate": "2022-12-22T20:21:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32207", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32207", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Unpreserved file permissions", + "Description": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-276" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://access.redhat.com/errata/RHSA-2022:6157", + "https://access.redhat.com/security/cve/CVE-2022-32207", + "https://bugzilla.redhat.com/2099300", + "https://bugzilla.redhat.com/2099305", + "https://bugzilla.redhat.com/2099306", + "https://curl.se/docs/CVE-2022-32207.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207", + "https://errata.almalinux.org/9/ALSA-2022-6157.html", + "https://hackerone.com/reports/1573634", + "https://linux.oracle.com/cve/CVE-2022-32207.html", + "https://linux.oracle.com/errata/ELSA-2022-6157.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32207", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220915-0003/", + "https://support.apple.com/kb/HT213488", + "https://ubuntu.com/security/notices/USN-5495-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32207", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-07-07T13:15:00Z", + "LastModifiedDate": "2023-03-28T17:55:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32221", + "VendorIDs": [ + "DSA-5330-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u5", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32221", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "POST following PUT confusion", + "Description": "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-668" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Jan/19", + "http://seclists.org/fulldisclosure/2023/Jan/20", + "http://www.openwall.com/lists/oss-security/2023/05/17/4", + "https://access.redhat.com/errata/RHSA-2023:0333", + "https://access.redhat.com/security/cve/CVE-2022-32221", + "https://bugzilla.redhat.com/2135411", + "https://bugzilla.redhat.com/show_bug.cgi?id=2135411", + "https://curl.se/docs/CVE-2022-32221.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221", + "https://errata.almalinux.org/9/ALSA-2023-0333.html", + "https://errata.rockylinux.org/RLSA-2023:0333", + "https://hackerone.com/reports/1704017", + "https://linux.oracle.com/cve/CVE-2022-32221.html", + "https://linux.oracle.com/errata/ELSA-2023-0333.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32221", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20230110-0006/", + "https://security.netapp.com/advisory/ntap-20230208-0002/", + "https://support.apple.com/kb/HT213604", + "https://support.apple.com/kb/HT213605", + "https://ubuntu.com/security/notices/USN-5702-1", + "https://ubuntu.com/security/notices/USN-5702-2", + "https://ubuntu.com/security/notices/USN-5823-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32221", + "https://www.debian.org/security/2023/dsa-5330" + ], + "PublishedDate": "2022-12-05T22:15:00Z", + "LastModifiedDate": "2023-05-17T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22946", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22946", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols", + "Description": "A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-319" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Mar/29", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22947.json", + "https://access.redhat.com/security/cve/CVE-2021-22946", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://curl.se/docs/CVE-2021-22946.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946", + "https://hackerone.com/reports/1334111", + "https://linux.oracle.com/cve/CVE-2021-22946.html", + "https://linux.oracle.com/errata/ELSA-2021-4059.html", + "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22946", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20211029-0003/", + "https://security.netapp.com/advisory/ntap-20220121-0008/", + "https://support.apple.com/kb/HT213183", + "https://ubuntu.com/security/notices/USN-5079-1", + "https://ubuntu.com/security/notices/USN-5079-2", + "https://www.cve.org/CVERecord?id=CVE-2021-22946", + "https://www.debian.org/security/2022/dsa-5197", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-09-29T20:15:00Z", + "LastModifiedDate": "2023-01-05T18:24:00Z" + }, + { + "VulnerabilityID": "CVE-2022-22576", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22576", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: OAUTH2 bearer bypass in connection re-use", + "Description": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-306" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 5.5, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:5313", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json", + "https://access.redhat.com/security/cve/CVE-2022-22576", + "https://bugzilla.redhat.com/2077541", + "https://bugzilla.redhat.com/2077547", + "https://bugzilla.redhat.com/2078408", + "https://bugzilla.redhat.com/2082215", + "https://curl.se/docs/CVE-2022-22576.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576", + "https://errata.almalinux.org/8/ALSA-2022-5313.html", + "https://hackerone.com/reports/1526328", + "https://linux.oracle.com/cve/CVE-2022-22576.html", + "https://linux.oracle.com/errata/ELSA-2022-5313.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-22576", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0008/", + "https://ubuntu.com/security/notices/USN-5397-1", + "https://www.cve.org/CVERecord?id=CVE-2022-22576", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-05-26T17:15:00Z", + "LastModifiedDate": "2023-07-24T13:31:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27775", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27775", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: bad local IPv6 connection reuse", + "Description": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", + "Severity": "HIGH", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8299", + "https://access.redhat.com/security/cve/CVE-2022-27775", + "https://bugzilla.redhat.com/2078388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2078388", + "https://curl.se/docs/CVE-2022-27775.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775", + "https://errata.almalinux.org/9/ALSA-2022-8299.html", + "https://errata.rockylinux.org/RLSA-2022:8299", + "https://hackerone.com/reports/1546268", + "https://linux.oracle.com/cve/CVE-2022-27775.html", + "https://linux.oracle.com/errata/ELSA-2022-8299.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27775", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0008/", + "https://ubuntu.com/security/notices/USN-5397-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27775", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-06-02T14:15:00Z", + "LastModifiedDate": "2023-01-05T18:08:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27781", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27781", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "CERTINFO never-ending busy-loop", + "Description": "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-27781", + "https://curl.se/docs/CVE-2022-27781.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781", + "https://github.com/curl/curl/commit/f6c335d63f", + "https://hackerone.com/reports/1555441", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27781", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0009/", + "https://ubuntu.com/security/notices/USN-5412-1", + "https://ubuntu.com/security/notices/USN-5499-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27781", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-06-02T14:15:00Z", + "LastModifiedDate": "2023-01-05T17:54:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27782", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27782", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "TLS and SSH connection too eager reuse", + "Description": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/03/20/6", + "https://access.redhat.com/errata/RHSA-2022:5313", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json", + "https://access.redhat.com/security/cve/CVE-2022-27782", + "https://bugzilla.redhat.com/2077541", + "https://bugzilla.redhat.com/2077547", + "https://bugzilla.redhat.com/2078408", + "https://bugzilla.redhat.com/2082215", + "https://curl.se/docs/CVE-2022-27782.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782", + "https://errata.almalinux.org/8/ALSA-2022-5313.html", + "https://hackerone.com/reports/1555796", + "https://linux.oracle.com/cve/CVE-2022-27782.html", + "https://linux.oracle.com/errata/ELSA-2022-5313.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27782", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0009/", + "https://ubuntu.com/security/notices/USN-5412-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27782", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-06-02T14:15:00Z", + "LastModifiedDate": "2023-03-20T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22947", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22947", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: Server responses received before STARTTLS processed after TLS handshake", + "Description": "When curl \u003e= 7.20.0 and \u003c= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-345" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Mar/29", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22947.json", + "https://access.redhat.com/security/cve/CVE-2021-22947", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://curl.se/docs/CVE-2021-22947.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947", + "https://hackerone.com/reports/1334763", + "https://launchpad.net/bugs/1944120 (regression bug)", + "https://linux.oracle.com/cve/CVE-2021-22947.html", + "https://linux.oracle.com/errata/ELSA-2021-4059.html", + "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22947", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20211029-0003/", + "https://support.apple.com/kb/HT213183", + "https://ubuntu.com/security/notices/USN-5079-1", + "https://ubuntu.com/security/notices/USN-5079-2", + "https://ubuntu.com/security/notices/USN-5079-3", + "https://ubuntu.com/security/notices/USN-5079-4", + "https://www.cve.org/CVERecord?id=CVE-2021-22947", + "https://www.debian.org/security/2022/dsa-5197", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-09-29T20:15:00Z", + "LastModifiedDate": "2023-01-05T18:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27774", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27774", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: credential leak on redirect", + "Description": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-522" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 3.5, + "V3Score": 5.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:5313", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json", + "https://access.redhat.com/security/cve/CVE-2022-27774", + "https://bugzilla.redhat.com/2077541", + "https://bugzilla.redhat.com/2077547", + "https://bugzilla.redhat.com/2078408", + "https://bugzilla.redhat.com/2082215", + "https://curl.se/docs/CVE-2022-27774.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774", + "https://errata.almalinux.org/8/ALSA-2022-5313.html", + "https://hackerone.com/reports/1543773", + "https://linux.oracle.com/cve/CVE-2022-27774.html", + "https://linux.oracle.com/errata/ELSA-2022-5313.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27774", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0008/", + "https://ubuntu.com/security/notices/USN-5397-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27774", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-06-02T14:15:00Z", + "LastModifiedDate": "2023-02-23T17:59:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27776", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27776", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: auth/cookie leak on redirect", + "Description": "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-522" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:5313", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json", + "https://access.redhat.com/security/cve/CVE-2022-27776", + "https://bugzilla.redhat.com/2077541", + "https://bugzilla.redhat.com/2077547", + "https://bugzilla.redhat.com/2078408", + "https://bugzilla.redhat.com/2082215", + "https://curl.se/docs/CVE-2022-27776.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776", + "https://errata.almalinux.org/8/ALSA-2022-5313.html", + "https://hackerone.com/reports/1547048", + "https://linux.oracle.com/cve/CVE-2022-27776.html", + "https://linux.oracle.com/errata/ELSA-2022-5313.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27776", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0008/", + "https://ubuntu.com/security/notices/USN-5397-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27776", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-06-02T14:15:00Z", + "LastModifiedDate": "2023-01-05T18:06:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32205", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32205", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Set-Cookie denial of service", + "Description": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V2Score": 4.3, + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://access.redhat.com/security/cve/CVE-2022-32205", + "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", + "https://curl.se/docs/CVE-2022-32205.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205", + "https://hackerone.com/reports/1569946", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32205", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220915-0003/", + "https://support.apple.com/kb/HT213488", + "https://ubuntu.com/security/notices/USN-5495-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32205", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-07-07T13:15:00Z", + "LastModifiedDate": "2023-01-05T17:46:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32206", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32206", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "HTTP compression denial of service", + "Description": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "http://www.openwall.com/lists/oss-security/2023/02/15/3", + "https://access.redhat.com/errata/RHSA-2022:6157", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json", + "https://access.redhat.com/security/cve/CVE-2022-32206", + "https://bugzilla.redhat.com/2099300", + "https://bugzilla.redhat.com/2099305", + "https://bugzilla.redhat.com/2099306", + "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", + "https://curl.se/docs/CVE-2022-32206.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206", + "https://errata.almalinux.org/9/ALSA-2022-6157.html", + "https://hackerone.com/reports/1570651", + "https://linux.oracle.com/cve/CVE-2022-32206.html", + "https://linux.oracle.com/errata/ELSA-2022-6159.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32206", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220915-0003/", + "https://support.apple.com/kb/HT213488", + "https://ubuntu.com/security/notices/USN-5495-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32206", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-07-07T13:15:00Z", + "LastModifiedDate": "2023-02-15T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32208", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32208", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "FTP-KRB bad message verification", + "Description": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://access.redhat.com/errata/RHSA-2022:6157", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json", + "https://access.redhat.com/security/cve/CVE-2022-32208", + "https://bugzilla.redhat.com/2099300", + "https://bugzilla.redhat.com/2099305", + "https://bugzilla.redhat.com/2099306", + "https://curl.se/docs/CVE-2022-32208.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208", + "https://errata.almalinux.org/9/ALSA-2022-6157.html", + "https://hackerone.com/reports/1590071", + "https://linux.oracle.com/cve/CVE-2022-32208.html", + "https://linux.oracle.com/errata/ELSA-2022-6159.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32208", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220915-0003/", + "https://support.apple.com/kb/HT213488", + "https://ubuntu.com/security/notices/USN-5495-1", + "https://ubuntu.com/security/notices/USN-5499-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32208", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-07-07T13:15:00Z", + "LastModifiedDate": "2023-01-05T17:43:00Z" + }, + { + "VulnerabilityID": "CVE-2022-43552", + "VendorIDs": [ + "DSA-5330-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u5", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-43552", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Use-after-free triggered by an HTTP proxy deny response", + "Description": "A use after free vulnerability exists in curl \u003c7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Mar/17", + "https://access.redhat.com/errata/RHSA-2023:2478", + "https://access.redhat.com/security/cve/CVE-2022-43552", + "https://bugzilla.redhat.com/2120718", + "https://bugzilla.redhat.com/2152652", + "https://curl.se/docs/CVE-2022-43552.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552", + "https://errata.almalinux.org/9/ALSA-2023-2478.html", + "https://hackerone.com/reports/1764858", + "https://linux.oracle.com/cve/CVE-2022-43552.html", + "https://linux.oracle.com/errata/ELSA-2023-2963.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-43552", + "https://security.netapp.com/advisory/ntap-20230214-0002/", + "https://support.apple.com/kb/HT213670", + "https://ubuntu.com/security/notices/USN-5788-1", + "https://ubuntu.com/security/notices/USN-5894-1", + "https://www.cve.org/CVERecord?id=CVE-2022-43552" + ], + "PublishedDate": "2023-02-09T20:15:00Z", + "LastModifiedDate": "2023-03-28T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-23916", + "VendorIDs": [ + "DSA-5365-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u7", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-23916", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "HTTP multi-header compression denial of service", + "Description": "An allocation of resources without limits or throttling vulnerability exists in curl \u003cv7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:1701", + "https://access.redhat.com/security/cve/CVE-2023-23916", + "https://bugzilla.redhat.com/2167815", + "https://bugzilla.redhat.com/show_bug.cgi?id=2167815", + "https://curl.se/docs/CVE-2023-23916.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23916", + "https://errata.almalinux.org/9/ALSA-2023-1701.html", + "https://errata.rockylinux.org/RLSA-2023:1140", + "https://hackerone.com/reports/1826048", + "https://linux.oracle.com/cve/CVE-2023-23916.html", + "https://linux.oracle.com/errata/ELSA-2023-1701.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-23916", + "https://security.netapp.com/advisory/ntap-20230309-0006/", + "https://ubuntu.com/security/notices/USN-5891-1", + "https://www.cve.org/CVERecord?id=CVE-2023-23916", + "https://www.debian.org/security/2023/dsa-5365" + ], + "PublishedDate": "2023-02-23T20:15:00Z", + "LastModifiedDate": "2023-04-18T16:49:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22898", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22898", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: TELNET stack contents disclosure", + "Description": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.", + "Severity": "LOW", + "CweIDs": [ + "CWE-909" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V2Score": 2.6, + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 3.1 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2021/07/21/4", + "https://access.redhat.com/security/cve/CVE-2021-22898", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://curl.se/docs/CVE-2021-22898.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898", + "https://errata.almalinux.org/8/ALSA-2021-4511.html", + "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde", + "https://hackerone.com/reports/1176461", + "https://linux.oracle.com/cve/CVE-2021-22898.html", + "https://linux.oracle.com/errata/ELSA-2021-4511.html", + "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22898", + "https://ubuntu.com/security/notices/USN-5021-1", + "https://ubuntu.com/security/notices/USN-5021-2", + "https://ubuntu.com/security/notices/USN-5894-1", + "https://www.cve.org/CVERecord?id=CVE-2021-22898", + "https://www.debian.org/security/2022/dsa-5197", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html" + ], + "PublishedDate": "2021-06-11T16:15:00Z", + "LastModifiedDate": "2022-08-30T19:09:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22924", + "VendorIDs": [ + "DSA-5197-1" + ], + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u2", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22924", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "curl: Bad connection reuse due to flawed path name checks", + "Description": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.", + "Severity": "LOW", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-22924", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", + "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf", + "https://curl.se/docs/CVE-2021-22924.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924", + "https://hackerone.com/reports/1223565", + "https://linux.oracle.com/cve/CVE-2021-22924.html", + "https://linux.oracle.com/errata/ELSA-2021-3582.html", + "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22924", + "https://security.netapp.com/advisory/ntap-20210902-0003/", + "https://ubuntu.com/security/notices/USN-5021-1", + "https://www.cve.org/CVERecord?id=CVE-2021-22924", + "https://www.debian.org/security/2022/dsa-5197", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-08-05T21:15:00Z", + "LastModifiedDate": "2022-10-28T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2022-35252", + "PkgID": "libcurl4@7.74.0-1.3+deb11u1", + "PkgName": "libcurl4", + "InstalledVersion": "7.74.0-1.3+deb11u1", + "FixedVersion": "7.74.0-1.3+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-35252", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Incorrect handling of control code characters in cookies", + "Description": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", + "Severity": "LOW", + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Jan/20", + "http://seclists.org/fulldisclosure/2023/Jan/21", + "https://access.redhat.com/errata/RHSA-2023:2478", + "https://access.redhat.com/security/cve/CVE-2022-35252", + "https://bugzilla.redhat.com/2120718", + "https://bugzilla.redhat.com/2152652", + "https://curl.se/docs/CVE-2022-35252.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35252", + "https://errata.almalinux.org/9/ALSA-2023-2478.html", + "https://hackerone.com/reports/1613943", + "https://linux.oracle.com/cve/CVE-2022-35252.html", + "https://linux.oracle.com/errata/ELSA-2023-2963.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-35252", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220930-0005/", + "https://support.apple.com/kb/HT213603", + "https://support.apple.com/kb/HT213604", + "https://ubuntu.com/security/notices/USN-5587-1", + "https://www.cve.org/CVERecord?id=CVE-2022-35252", + "https://www.openwall.com/lists/oss-security/2022/08/31/2" + ], + "PublishedDate": "2022-09-23T14:15:00Z", + "LastModifiedDate": "2023-03-01T18:09:00Z" + }, + { + "VulnerabilityID": "CVE-2022-40674", + "VendorIDs": [ + "DSA-5236-1" + ], + "PkgID": "libexpat1@2.2.10-2+deb11u3", + "PkgName": "libexpat1", + "InstalledVersion": "2.2.10-2+deb11u3", + "FixedVersion": "2.2.10-2+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-40674", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "a use-after-free in the doContent function in xmlparse.c", + "Description": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:7026", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40674.json", + "https://access.redhat.com/security/cve/CVE-2022-40674", + "https://blog.hartwork.org/posts/expat-2-4-9-released/", + "https://bugzilla.redhat.com/2130769", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674", + "https://errata.almalinux.org/9/ALSA-2022-7026.html", + "https://github.com/advisories/GHSA-2vq2-xc55-3j5m", + "https://github.com/libexpat/libexpat/pull/629", + "https://github.com/libexpat/libexpat/pull/640", + "https://linux.oracle.com/cve/CVE-2022-40674.html", + "https://linux.oracle.com/errata/ELSA-2022-9967.html", + "https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-40674", + "https://security.gentoo.org/glsa/202209-24", + "https://security.gentoo.org/glsa/202211-06", + "https://security.netapp.com/advisory/ntap-20221028-0008/", + "https://ubuntu.com/security/notices/USN-5638-1", + "https://ubuntu.com/security/notices/USN-5638-2", + "https://ubuntu.com/security/notices/USN-5638-4", + "https://ubuntu.com/security/notices/USN-5726-1", + "https://www.cve.org/CVERecord?id=CVE-2022-40674", + "https://www.debian.org/security/2022/dsa-5236" + ], + "PublishedDate": "2022-09-14T11:15:00Z", + "LastModifiedDate": "2023-02-01T19:16:00Z" + }, + { + "VulnerabilityID": "CVE-2022-43680", + "VendorIDs": [ + "DSA-5266-1" + ], + "PkgID": "libexpat1@2.2.10-2+deb11u3", + "PkgName": "libexpat1", + "InstalledVersion": "2.2.10-2+deb11u3", + "FixedVersion": "2.2.10-2+deb11u5", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-43680", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate", + "Description": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0337", + "https://access.redhat.com/security/cve/CVE-2022-43680", + "https://bugzilla.redhat.com/2140059", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140059", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680", + "https://errata.almalinux.org/9/ALSA-2023-0337.html", + "https://errata.rockylinux.org/RLSA-2023:0103", + "https://github.com/libexpat/libexpat/issues/649", + "https://github.com/libexpat/libexpat/pull/616", + "https://github.com/libexpat/libexpat/pull/650", + "https://linux.oracle.com/cve/CVE-2022-43680.html", + "https://linux.oracle.com/errata/ELSA-2023-0337.html", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-43680", + "https://security.gentoo.org/glsa/202210-38", + "https://security.netapp.com/advisory/ntap-20221118-0007/", + "https://ubuntu.com/security/notices/USN-5638-2", + "https://ubuntu.com/security/notices/USN-5638-3", + "https://ubuntu.com/security/notices/USN-5638-4", + "https://www.cve.org/CVERecord?id=CVE-2022-43680", + "https://www.debian.org/security/2022/dsa-5266" + ], + "PublishedDate": "2022-10-24T14:15:00Z", + "LastModifiedDate": "2022-12-02T23:00:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27404", + "PkgID": "libfreetype6@2.10.4+dfsg-1", + "PkgName": "libfreetype6", + "InstalledVersion": "2.10.4+dfsg-1", + "FixedVersion": "2.10.4+dfsg-1+deb11u1", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27404", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "FreeType: Buffer overflow in sfnt_init_face", + "Description": "FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 7.6 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8340", + "https://access.redhat.com/security/cve/CVE-2022-27404", + "https://bugzilla.redhat.com/2077985", + "https://bugzilla.redhat.com/2077989", + "https://bugzilla.redhat.com/2077991", + "https://bugzilla.redhat.com/show_bug.cgi?id=2077985", + "https://bugzilla.redhat.com/show_bug.cgi?id=2077989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2077991", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406", + "https://errata.almalinux.org/9/ALSA-2022-8340.html", + "https://errata.rockylinux.org/RLSA-2022:7745", + "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138", + "https://linux.oracle.com/cve/CVE-2022-27404.html", + "https://linux.oracle.com/errata/ELSA-2022-8340.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27404", + "https://ubuntu.com/security/notices/USN-5528-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27404" + ], + "PublishedDate": "2022-04-22T14:15:00Z", + "LastModifiedDate": "2022-07-27T13:44:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27405", + "PkgID": "libfreetype6@2.10.4+dfsg-1", + "PkgName": "libfreetype6", + "InstalledVersion": "2.10.4+dfsg-1", + "FixedVersion": "2.10.4+dfsg-1+deb11u1", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27405", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "FreeType: Segmentation violation via FNT_Size_Request", + "Description": "FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "http://freetype.com", + "https://access.redhat.com/errata/RHSA-2022:8340", + "https://access.redhat.com/security/cve/CVE-2022-27405", + "https://bugzilla.redhat.com/2077985", + "https://bugzilla.redhat.com/2077989", + "https://bugzilla.redhat.com/2077991", + "https://bugzilla.redhat.com/show_bug.cgi?id=2077985", + "https://bugzilla.redhat.com/show_bug.cgi?id=2077989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2077991", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406", + "https://errata.almalinux.org/9/ALSA-2022-8340.html", + "https://errata.rockylinux.org/RLSA-2022:7745", + "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139", + "https://linux.oracle.com/cve/CVE-2022-27405.html", + "https://linux.oracle.com/errata/ELSA-2022-8340.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27405", + "https://ubuntu.com/security/notices/USN-5528-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27405" + ], + "PublishedDate": "2022-04-22T14:15:00Z", + "LastModifiedDate": "2022-07-27T16:04:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27406", + "PkgID": "libfreetype6@2.10.4+dfsg-1", + "PkgName": "libfreetype6", + "InstalledVersion": "2.10.4+dfsg-1", + "FixedVersion": "2.10.4+dfsg-1+deb11u1", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27406", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Freetype: Segmentation violation via FT_Request_Size", + "Description": "FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "http://freetype.com", + "https://access.redhat.com/errata/RHSA-2022:8340", + "https://access.redhat.com/security/cve/CVE-2022-27406", + "https://bugzilla.redhat.com/2077985", + "https://bugzilla.redhat.com/2077989", + "https://bugzilla.redhat.com/2077991", + "https://bugzilla.redhat.com/show_bug.cgi?id=2077985", + "https://bugzilla.redhat.com/show_bug.cgi?id=2077989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2077991", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406", + "https://errata.almalinux.org/9/ALSA-2022-8340.html", + "https://errata.rockylinux.org/RLSA-2022:7745", + "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140", + "https://linux.oracle.com/cve/CVE-2022-27406.html", + "https://linux.oracle.com/errata/ELSA-2022-8340.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27406", + "https://ubuntu.com/security/notices/USN-5453-1", + "https://ubuntu.com/security/notices/USN-5528-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27406" + ], + "PublishedDate": "2022-04-22T14:15:00Z", + "LastModifiedDate": "2022-07-27T16:05:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2509", + "VendorIDs": [ + "DSA-5203-1" + ], + "PkgID": "libgnutls30@3.7.1-5", + "PkgName": "libgnutls30", + "InstalledVersion": "3.7.1-5", + "FixedVersion": "3.7.1-5+deb11u2", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2509", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Double free during gnutls_pkcs7_verify", + "Description": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6854", + "https://access.redhat.com/security/cve/CVE-2022-2509", + "https://bugzilla.redhat.com/2108977", + "https://bugzilla.redhat.com/show_bug.cgi?id=2108977", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509", + "https://errata.almalinux.org/9/ALSA-2022-6854.html", + "https://errata.rockylinux.org/RLSA-2022:7105", + "https://gnutls.org/security-new.html (GNUTLS-SA-2022-07-07)", + "https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07", + "https://linux.oracle.com/cve/CVE-2022-2509.html", + "https://linux.oracle.com/errata/ELSA-2022-7105.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/", + "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2509", + "https://ubuntu.com/security/notices/USN-5550-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2509", + "https://www.debian.org/security/2022/dsa-5203" + ], + "PublishedDate": "2022-08-01T14:15:00Z", + "LastModifiedDate": "2022-08-19T12:10:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0361", + "VendorIDs": [ + "DSA-5349-1" + ], + "PkgID": "libgnutls30@3.7.1-5", + "PkgName": "libgnutls30", + "InstalledVersion": "3.7.1-5", + "FixedVersion": "3.7.1-5+deb11u3", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0361", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "timing side-channel in the TLS RSA key exchange code", + "Description": "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:1141", + "https://access.redhat.com/security/cve/CVE-2023-0361", + "https://bugzilla.redhat.com/2162596", + "https://bugzilla.redhat.com/show_bug.cgi?id=2131152", + "https://bugzilla.redhat.com/show_bug.cgi?id=2162596", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0361", + "https://errata.almalinux.org/9/ALSA-2023-1141.html", + "https://errata.rockylinux.org/RLSA-2023:1569", + "https://github.com/tlsfuzzer/tlsfuzzer/pull/679", + "https://gitlab.com/gnutls/gnutls/-/issues/1050", + "https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14", + "https://linux.oracle.com/cve/CVE-2023-0361.html", + "https://linux.oracle.com/errata/ELSA-2023-1569.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0361", + "https://security.netapp.com/advisory/ntap-20230324-0005/", + "https://security.netapp.com/advisory/ntap-20230725-0005/", + "https://ubuntu.com/security/notices/USN-5901-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0361" + ], + "PublishedDate": "2023-02-15T18:15:00Z", + "LastModifiedDate": "2023-07-25T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-4209", + "PkgID": "libgnutls30@3.7.1-5", + "PkgName": "libgnutls30", + "InstalledVersion": "3.7.1-5", + "FixedVersion": "3.7.1-5+deb11u1", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-4209", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Null pointer dereference in MD_UPDATE", + "Description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-4209", + "https://bugzilla.redhat.com/show_bug.cgi?id=2044156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4209", + "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568", + "https://gitlab.com/gnutls/gnutls/-/issues/1306", + "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503", + "https://nvd.nist.gov/vuln/detail/CVE-2021-4209", + "https://security.netapp.com/advisory/ntap-20220915-0005/", + "https://ubuntu.com/security/notices/USN-5550-1", + "https://ubuntu.com/security/notices/USN-5750-1", + "https://www.cve.org/CVERecord?id=CVE-2021-4209" + ], + "PublishedDate": "2022-08-24T16:15:00Z", + "LastModifiedDate": "2022-10-27T16:57:00Z" + }, + { + "VulnerabilityID": "CVE-2022-42898", + "VendorIDs": [ + "DSA-5286-1" + ], + "PkgID": "libgssapi-krb5-2@1.18.3-6+deb11u1", + "PkgName": "libgssapi-krb5-2", + "InstalledVersion": "1.18.3-6+deb11u1", + "FixedVersion": "1.18.3-6+deb11u3", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-42898", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "integer overflow vulnerabilities in PAC parsing", + "Description": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8637", + "https://access.redhat.com/security/cve/CVE-2022-42898", + "https://bugzilla.redhat.com/2140960", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140960", + "https://bugzilla.samba.org/show_bug.cgi?id=15203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898", + "https://errata.almalinux.org/9/ALSA-2022-8637.html", + "https://errata.rockylinux.org/RLSA-2022:8638", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c", + "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583", + "https://linux.oracle.com/cve/CVE-2022-42898.html", + "https://linux.oracle.com/errata/ELSA-2023-12104.html", + "https://mailman.mit.edu/pipermail/krbdev/2022-November/013576.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-42898", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://security.netapp.com/advisory/ntap-20230223-0001/", + "https://ubuntu.com/security/notices/USN-5800-1", + "https://ubuntu.com/security/notices/USN-5822-1", + "https://ubuntu.com/security/notices/USN-5822-2", + "https://ubuntu.com/security/notices/USN-5828-1", + "https://ubuntu.com/security/notices/USN-5936-1", + "https://web.mit.edu/kerberos/advisories/", + "https://web.mit.edu/kerberos/krb5-1.19/", + "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt", + "https://www.cve.org/CVERecord?id=CVE-2022-42898", + "https://www.samba.org/samba/security/CVE-2022-42898.html" + ], + "PublishedDate": "2022-12-25T06:15:00Z", + "LastModifiedDate": "2023-02-23T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-42898", + "VendorIDs": [ + "DSA-5286-1" + ], + "PkgID": "libk5crypto3@1.18.3-6+deb11u1", + "PkgName": "libk5crypto3", + "InstalledVersion": "1.18.3-6+deb11u1", + "FixedVersion": "1.18.3-6+deb11u3", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-42898", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "integer overflow vulnerabilities in PAC parsing", + "Description": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8637", + "https://access.redhat.com/security/cve/CVE-2022-42898", + "https://bugzilla.redhat.com/2140960", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140960", + "https://bugzilla.samba.org/show_bug.cgi?id=15203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898", + "https://errata.almalinux.org/9/ALSA-2022-8637.html", + "https://errata.rockylinux.org/RLSA-2022:8638", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c", + "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583", + "https://linux.oracle.com/cve/CVE-2022-42898.html", + "https://linux.oracle.com/errata/ELSA-2023-12104.html", + "https://mailman.mit.edu/pipermail/krbdev/2022-November/013576.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-42898", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://security.netapp.com/advisory/ntap-20230223-0001/", + "https://ubuntu.com/security/notices/USN-5800-1", + "https://ubuntu.com/security/notices/USN-5822-1", + "https://ubuntu.com/security/notices/USN-5822-2", + "https://ubuntu.com/security/notices/USN-5828-1", + "https://ubuntu.com/security/notices/USN-5936-1", + "https://web.mit.edu/kerberos/advisories/", + "https://web.mit.edu/kerberos/krb5-1.19/", + "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt", + "https://www.cve.org/CVERecord?id=CVE-2022-42898", + "https://www.samba.org/samba/security/CVE-2022-42898.html" + ], + "PublishedDate": "2022-12-25T06:15:00Z", + "LastModifiedDate": "2023-02-23T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-42898", + "VendorIDs": [ + "DSA-5286-1" + ], + "PkgID": "libkrb5-3@1.18.3-6+deb11u1", + "PkgName": "libkrb5-3", + "InstalledVersion": "1.18.3-6+deb11u1", + "FixedVersion": "1.18.3-6+deb11u3", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-42898", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "integer overflow vulnerabilities in PAC parsing", + "Description": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8637", + "https://access.redhat.com/security/cve/CVE-2022-42898", + "https://bugzilla.redhat.com/2140960", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140960", + "https://bugzilla.samba.org/show_bug.cgi?id=15203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898", + "https://errata.almalinux.org/9/ALSA-2022-8637.html", + "https://errata.rockylinux.org/RLSA-2022:8638", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c", + "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583", + "https://linux.oracle.com/cve/CVE-2022-42898.html", + "https://linux.oracle.com/errata/ELSA-2023-12104.html", + "https://mailman.mit.edu/pipermail/krbdev/2022-November/013576.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-42898", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://security.netapp.com/advisory/ntap-20230223-0001/", + "https://ubuntu.com/security/notices/USN-5800-1", + "https://ubuntu.com/security/notices/USN-5822-1", + "https://ubuntu.com/security/notices/USN-5822-2", + "https://ubuntu.com/security/notices/USN-5828-1", + "https://ubuntu.com/security/notices/USN-5936-1", + "https://web.mit.edu/kerberos/advisories/", + "https://web.mit.edu/kerberos/krb5-1.19/", + "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt", + "https://www.cve.org/CVERecord?id=CVE-2022-42898", + "https://www.samba.org/samba/security/CVE-2022-42898.html" + ], + "PublishedDate": "2022-12-25T06:15:00Z", + "LastModifiedDate": "2023-02-23T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-42898", + "VendorIDs": [ + "DSA-5286-1" + ], + "PkgID": "libkrb5support0@1.18.3-6+deb11u1", + "PkgName": "libkrb5support0", + "InstalledVersion": "1.18.3-6+deb11u1", + "FixedVersion": "1.18.3-6+deb11u3", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-42898", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "integer overflow vulnerabilities in PAC parsing", + "Description": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8637", + "https://access.redhat.com/security/cve/CVE-2022-42898", + "https://bugzilla.redhat.com/2140960", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140960", + "https://bugzilla.samba.org/show_bug.cgi?id=15203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898", + "https://errata.almalinux.org/9/ALSA-2022-8637.html", + "https://errata.rockylinux.org/RLSA-2022:8638", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c", + "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583", + "https://linux.oracle.com/cve/CVE-2022-42898.html", + "https://linux.oracle.com/errata/ELSA-2023-12104.html", + "https://mailman.mit.edu/pipermail/krbdev/2022-November/013576.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-42898", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://security.netapp.com/advisory/ntap-20230223-0001/", + "https://ubuntu.com/security/notices/USN-5800-1", + "https://ubuntu.com/security/notices/USN-5822-1", + "https://ubuntu.com/security/notices/USN-5822-2", + "https://ubuntu.com/security/notices/USN-5828-1", + "https://ubuntu.com/security/notices/USN-5936-1", + "https://web.mit.edu/kerberos/advisories/", + "https://web.mit.edu/kerberos/krb5-1.19/", + "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt", + "https://www.cve.org/CVERecord?id=CVE-2022-42898", + "https://www.samba.org/samba/security/CVE-2022-42898.html" + ], + "PublishedDate": "2022-12-25T06:15:00Z", + "LastModifiedDate": "2023-02-23T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1586", + "PkgID": "libpcre2-8-0@10.36-2", + "PkgName": "libpcre2-8-0", + "InstalledVersion": "10.36-2", + "FixedVersion": "10.36-2+deb11u1", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1586", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c", + "Description": "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:5809", + "https://access.redhat.com/security/cve/CVE-2022-1586", + "https://bugzilla.redhat.com/2077976", + "https://bugzilla.redhat.com/show_bug.cgi?id=2077976", + "https://bugzilla.redhat.com/show_bug.cgi?id=2077976,", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1586", + "https://errata.almalinux.org/8/ALSA-2022-5809.html", + "https://errata.rockylinux.org/RLSA-2022:5809", + "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a,", + "https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c", + "https://linux.oracle.com/cve/CVE-2022-1586.html", + "https://linux.oracle.com/errata/ELSA-2022-5809.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1586", + "https://security.netapp.com/advisory/ntap-20221028-0009/", + "https://ubuntu.com/security/notices/USN-5627-1", + "https://ubuntu.com/security/notices/USN-5627-2", + "https://www.cve.org/CVERecord?id=CVE-2022-1586" + ], + "PublishedDate": "2022-05-16T21:15:00Z", + "LastModifiedDate": "2023-03-16T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1587", + "PkgID": "libpcre2-8-0@10.36-2", + "PkgName": "libpcre2-8-0", + "InstalledVersion": "10.36-2", + "FixedVersion": "10.36-2+deb11u1", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1587", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c", + "Description": "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-1587", + "https://bugzilla.redhat.com/show_bug.cgi?id=2077983,", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1587", + "https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0", + "https://linux.oracle.com/cve/CVE-2022-1587.html", + "https://linux.oracle.com/errata/ELSA-2022-5251.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1587", + "https://security.netapp.com/advisory/ntap-20221028-0009/", + "https://ubuntu.com/security/notices/USN-5627-1", + "https://ubuntu.com/security/notices/USN-5627-2", + "https://www.cve.org/CVERecord?id=CVE-2022-1587" + ], + "PublishedDate": "2022-05-16T21:15:00Z", + "LastModifiedDate": "2023-03-16T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2068", + "VendorIDs": [ + "DSA-5169-1" + ], + "PkgID": "libssl1.1@1.1.1n-0+deb11u2", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u3", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2068", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "the c_rehash script allows command injection", + "Description": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-78" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6224", + "https://access.redhat.com/security/cve/CVE-2022-2068", + "https://bugzilla.redhat.com/2081494", + "https://bugzilla.redhat.com/2087911", + "https://bugzilla.redhat.com/2087913", + "https://bugzilla.redhat.com/2097310", + "https://bugzilla.redhat.com/2104905", + "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2097310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2100554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", + "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", + "https://errata.almalinux.org/9/ALSA-2022-6224.html", + "https://errata.rockylinux.org/RLSA-2022:5818", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7", + "https://linux.oracle.com/cve/CVE-2022-2068.html", + "https://linux.oracle.com/errata/ELSA-2022-9751.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2068", + "https://security.netapp.com/advisory/ntap-20220707-0008/", + "https://ubuntu.com/security/notices/USN-5488-1", + "https://ubuntu.com/security/notices/USN-5488-2", + "https://www.cve.org/CVERecord?id=CVE-2022-2068", + "https://www.debian.org/security/2022/dsa-5169", + "https://www.openssl.org/news/secadv/20220621.txt" + ], + "PublishedDate": "2022-06-21T15:15:00Z", + "LastModifiedDate": "2023-03-01T16:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-4450", + "VendorIDs": [ + "DSA-5343-1" + ], + "PkgID": "libssl1.1@1.1.1n-0+deb11u2", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u4", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4450", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "double free after calling PEM_read_bio_ex", + "Description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4450", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:1405", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", + "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q", + "https://linux.oracle.com/cve/CVE-2022-4450.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", + "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4450", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:57:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0215", + "VendorIDs": [ + "DSA-5343-1" + ], + "PkgID": "libssl1.1@1.1.1n-0+deb11u2", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u4", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0215", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "use-after-free following BIO_new_NDEF", + "Description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.\n\n\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2023-0215", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:1405", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", + "https://github.com/advisories/GHSA-r7jw-wp68-3xch", + "https://linux.oracle.com/cve/CVE-2023-0215.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", + "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", + "https://security.netapp.com/advisory/ntap-20230427-0007/", + "https://security.netapp.com/advisory/ntap-20230427-0009/", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://www.cve.org/CVERecord?id=CVE-2023-0215", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:55:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0286", + "VendorIDs": [ + "DSA-5343-1" + ], + "PkgID": "libssl1.1@1.1.1n-0+deb11u2", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u4", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0286", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "X.400 address type confusion in X.509 GeneralName", + "Description": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-843" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2023-0286", + "https://access.redhat.com/security/cve/cve-2023-0286", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:1405", + "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", + "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", + "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5", + "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", + "https://linux.oracle.com/cve/CVE-2023-0286.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", + "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://www.cve.org/CVERecord?id=CVE-2023-0286", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:54:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0464", + "VendorIDs": [ + "DSA-5417-1" + ], + "PkgID": "libssl1.1@1.1.1n-0+deb11u2", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u5", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0464", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Denial of service by excessive resource usage in verifying X509 policy constraints", + "Description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0464", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1", + "https://linux.oracle.com/cve/CVE-2023-0464.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0464", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230322.txt" + ], + "PublishedDate": "2023-03-22T17:15:00Z", + "LastModifiedDate": "2023-06-08T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-2650", + "VendorIDs": [ + "DSA-5417-1" + ], + "PkgID": "libssl1.1@1.1.1n-0+deb11u2", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u5", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Possible DoS translating ASN.1 object identifiers", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/05/30/1", + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-2650", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", + "https://linux.oracle.com/cve/CVE-2023-2650.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", + "https://security.netapp.com/advisory/ntap-20230703-0001/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://ubuntu.com/security/notices/USN-6188-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2650", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230530.txt" + ], + "PublishedDate": "2023-05-30T14:15:00Z", + "LastModifiedDate": "2023-07-03T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2097", + "VendorIDs": [ + "DSA-5343-1" + ], + "PkgID": "libssl1.1@1.1.1n-0+deb11u2", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u4", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2097", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "AES OCB fails to encrypt some bytes", + "Description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-326" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6224", + "https://access.redhat.com/security/cve/CVE-2022-2097", + "https://bugzilla.redhat.com/2081494", + "https://bugzilla.redhat.com/2087911", + "https://bugzilla.redhat.com/2087913", + "https://bugzilla.redhat.com/2097310", + "https://bugzilla.redhat.com/2104905", + "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2097310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2100554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", + "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", + "https://errata.almalinux.org/9/ALSA-2022-6224.html", + "https://errata.rockylinux.org/RLSA-2022:5818", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93", + "https://github.com/advisories/GHSA-3wx7-46ch-7rq2", + "https://linux.oracle.com/cve/CVE-2022-2097.html", + "https://linux.oracle.com/errata/ELSA-2022-9751.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2097", + "https://rustsec.org/advisories/RUSTSEC-2022-0032.html", + "https://security.gentoo.org/glsa/202210-02", + "https://security.netapp.com/advisory/ntap-20220715-0011/", + "https://security.netapp.com/advisory/ntap-20230420-0008/", + "https://ubuntu.com/security/notices/USN-5502-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2097", + "https://www.debian.org/security/2023/dsa-5343", + "https://www.openssl.org/news/secadv/20220705.txt" + ], + "PublishedDate": "2022-07-05T11:15:00Z", + "LastModifiedDate": "2023-04-20T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-4304", + "VendorIDs": [ + "DSA-5343-1" + ], + "PkgID": "libssl1.1@1.1.1n-0+deb11u2", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u4", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4304", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "timing attack in RSA Decryption implementation", + "Description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", + "Severity": "MEDIUM", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4304", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:1405", + "https://github.com/advisories/GHSA-p52g-cm5j-mjv4", + "https://linux.oracle.com/cve/CVE-2022-4304.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", + "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4304", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:57:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0465", + "VendorIDs": [ + "DSA-5417-1" + ], + "PkgID": "libssl1.1@1.1.1n-0+deb11u2", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u5", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0465", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Invalid certificate policies in leaf certificates are silently ignored", + "Description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0465", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c", + "https://linux.oracle.com/cve/CVE-2023-0465.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", + "https://security.netapp.com/advisory/ntap-20230414-0001/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0465", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230328.txt" + ], + "PublishedDate": "2023-03-28T15:15:00Z", + "LastModifiedDate": "2023-06-08T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0466", + "VendorIDs": [ + "DSA-5417-1" + ], + "PkgID": "libssl1.1@1.1.1n-0+deb11u2", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u5", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0466", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Certificate policy check not enabled", + "Description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0466", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061", + "https://linux.oracle.com/cve/CVE-2023-0466.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", + "https://security.netapp.com/advisory/ntap-20230414-0001/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0466", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230328.txt" + ], + "PublishedDate": "2023-03-28T15:15:00Z", + "LastModifiedDate": "2023-06-08T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3821", + "PkgID": "libsystemd0@247.3-7", + "PkgName": "libsystemd0", + "InstalledVersion": "247.3-7", + "FixedVersion": "247.3-7+deb11u2", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3821", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "buffer overrun in format_timespan() function", + "Description": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-193" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0336", + "https://access.redhat.com/security/cve/CVE-2022-3821", + "https://bugzilla.redhat.com/2139327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2139327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3821", + "https://errata.almalinux.org/9/ALSA-2023-0336.html", + "https://errata.rockylinux.org/RLSA-2023:0336", + "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e", + "https://github.com/systemd/systemd/issues/23928", + "https://github.com/systemd/systemd/pull/23933", + "https://linux.oracle.com/cve/CVE-2022-3821.html", + "https://linux.oracle.com/errata/ELSA-2023-0336.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3821", + "https://security.gentoo.org/glsa/202305-15", + "https://ubuntu.com/security/notices/USN-5928-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3821" + ], + "PublishedDate": "2022-11-08T22:15:00Z", + "LastModifiedDate": "2023-06-29T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-4415", + "PkgID": "libsystemd0@247.3-7", + "PkgName": "libsystemd0", + "InstalledVersion": "247.3-7", + "FixedVersion": "247.3-7+deb11u2", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4415", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting", + "Description": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0954", + "https://access.redhat.com/security/cve/CVE-2022-4415", + "https://bugzilla.redhat.com/2149063", + "https://bugzilla.redhat.com/2155515", + "https://bugzilla.redhat.com/show_bug.cgi?id=2155515", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164049", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415", + "https://errata.almalinux.org/9/ALSA-2023-0954.html", + "https://errata.rockylinux.org/RLSA-2023:0837", + "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c", + "https://linux.oracle.com/cve/CVE-2022-4415.html", + "https://linux.oracle.com/errata/ELSA-2023-0954.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4415", + "https://ubuntu.com/security/notices/USN-5928-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4415", + "https://www.openwall.com/lists/oss-security/2022/12/21/3" + ], + "PublishedDate": "2023-01-11T15:15:00Z", + "LastModifiedDate": "2023-02-02T16:19:00Z" + }, + { + "VulnerabilityID": "CVE-2021-46848", + "PkgID": "libtasn1-6@4.16.0-2", + "PkgName": "libtasn1-6", + "InstalledVersion": "4.16.0-2", + "FixedVersion": "4.16.0-2+deb11u1", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46848", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libtasn1: Out-of-bound access in ETYPE_OK", + "Description": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0343", + "https://access.redhat.com/security/cve/CVE-2021-46848", + "https://bugs.gentoo.org/866237", + "https://bugzilla.redhat.com/2140058", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140058", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46848", + "https://errata.almalinux.org/9/ALSA-2023-0343.html", + "https://errata.rockylinux.org/RLSA-2023:0116", + "https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5", + "https://gitlab.com/gnutls/libtasn1/-/issues/32", + "https://linux.oracle.com/cve/CVE-2021-46848.html", + "https://linux.oracle.com/errata/ELSA-2023-0343.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-46848", + "https://security.netapp.com/advisory/ntap-20221118-0006/", + "https://ubuntu.com/security/notices/USN-5707-1", + "https://www.cve.org/CVERecord?id=CVE-2021-46848" + ], + "PublishedDate": "2022-10-24T14:15:00Z", + "LastModifiedDate": "2023-01-20T13:55:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3970", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3970", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "integer overflow in function TIFFReadRGBATileExt of the file", + "Description": "A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-189", + "CWE-190" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2340", + "https://access.redhat.com/security/cve/CVE-2022-3970", + "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137", + "https://bugzilla.redhat.com/2142734", + "https://bugzilla.redhat.com/2142736", + "https://bugzilla.redhat.com/2142738", + "https://bugzilla.redhat.com/2142740", + "https://bugzilla.redhat.com/2142741", + "https://bugzilla.redhat.com/2142742", + "https://bugzilla.redhat.com/2148918", + "https://bugzilla.redhat.com/2176220", + "https://bugzilla.redhat.com/2187139", + "https://bugzilla.redhat.com/2187141", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970", + "https://errata.almalinux.org/9/ALSA-2023-2340.html", + "https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be", + "https://linux.oracle.com/cve/CVE-2022-3970.html", + "https://linux.oracle.com/errata/ELSA-2023-2883.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3970", + "https://oss-fuzz.com/download?testcase_id=5738253143900160", + "https://security.netapp.com/advisory/ntap-20221215-0009/", + "https://ubuntu.com/security/notices/USN-5743-1", + "https://ubuntu.com/security/notices/USN-5743-2", + "https://ubuntu.com/security/notices/USN-5841-1", + "https://vuldb.com/?id.213549", + "https://www.cve.org/CVERecord?id=CVE-2022-3970" + ], + "PublishedDate": "2022-11-13T08:15:00Z", + "LastModifiedDate": "2023-03-01T16:35:00Z" + }, + { + "VulnerabilityID": "CVE-2023-25434", + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-25434", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "heap-buffer overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c", + "Description": "libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-25434", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25434", + "https://gitlab.com/libtiff/libtiff/-/issues/519", + "https://gitlab.com/libtiff/libtiff/-/merge_requests/465", + "https://nvd.nist.gov/vuln/detail/CVE-2023-25434", + "https://www.cve.org/CVERecord?id=CVE-2023-25434" + ], + "PublishedDate": "2023-06-14T20:15:00Z", + "LastModifiedDate": "2023-06-23T16:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1354", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1354", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c", + "Description": "A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8194", + "https://access.redhat.com/security/cve/CVE-2022-1354", + "https://bugzilla.redhat.com/2042603", + "https://bugzilla.redhat.com/2054494", + "https://bugzilla.redhat.com/2054495", + "https://bugzilla.redhat.com/2064145", + "https://bugzilla.redhat.com/2064146", + "https://bugzilla.redhat.com/2064148", + "https://bugzilla.redhat.com/2064406", + "https://bugzilla.redhat.com/2064411", + "https://bugzilla.redhat.com/2074404", + "https://bugzilla.redhat.com/2074415", + "https://bugzilla.redhat.com/show_bug.cgi?id=2074404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354", + "https://errata.almalinux.org/9/ALSA-2022-8194.html", + "https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798", + "https://gitlab.com/libtiff/libtiff/-/issues/319", + "https://linux.oracle.com/cve/CVE-2022-1354.html", + "https://linux.oracle.com/errata/ELSA-2022-8194.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1354", + "https://security.gentoo.org/glsa/202210-10", + "https://security.netapp.com/advisory/ntap-20221014-0007/", + "https://ubuntu.com/security/notices/USN-5619-1", + "https://www.cve.org/CVERecord?id=CVE-2022-1354", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-08-31T16:15:00Z", + "LastModifiedDate": "2023-02-23T15:50:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1355", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1355", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "stack-buffer-overflow in tiffcp.c in main()", + "Description": "A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-121" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.6 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8194", + "https://access.redhat.com/security/cve/CVE-2022-1355", + "https://bugzilla.redhat.com/2042603", + "https://bugzilla.redhat.com/2054494", + "https://bugzilla.redhat.com/2054495", + "https://bugzilla.redhat.com/2064145", + "https://bugzilla.redhat.com/2064146", + "https://bugzilla.redhat.com/2064148", + "https://bugzilla.redhat.com/2064406", + "https://bugzilla.redhat.com/2064411", + "https://bugzilla.redhat.com/2074404", + "https://bugzilla.redhat.com/2074415", + "https://bugzilla.redhat.com/show_bug.cgi?id=2042603", + "https://bugzilla.redhat.com/show_bug.cgi?id=2054494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2054495", + "https://bugzilla.redhat.com/show_bug.cgi?id=2064145", + "https://bugzilla.redhat.com/show_bug.cgi?id=2064146", + "https://bugzilla.redhat.com/show_bug.cgi?id=2064148", + "https://bugzilla.redhat.com/show_bug.cgi?id=2064406", + "https://bugzilla.redhat.com/show_bug.cgi?id=2064411", + "https://bugzilla.redhat.com/show_bug.cgi?id=2074415", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844", + "https://errata.almalinux.org/9/ALSA-2022-8194.html", + "https://errata.rockylinux.org/RLSA-2022:7585", + "https://gitlab.com/libtiff/libtiff/-/issues/400", + "https://gitlab.com/libtiff/libtiff/-/merge_requests/323", + "https://linux.oracle.com/cve/CVE-2022-1355.html", + "https://linux.oracle.com/errata/ELSA-2022-8194.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1355", + "https://security.gentoo.org/glsa/202210-10", + "https://security.netapp.com/advisory/ntap-20221014-0007/", + "https://ubuntu.com/security/notices/USN-5619-1", + "https://www.cve.org/CVERecord?id=CVE-2022-1355", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-08-31T16:15:00Z", + "LastModifiedDate": "2023-02-23T15:52:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1622", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1622", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libtiff: out-of-bounds read in LZWDecode", + "Description": "LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://access.redhat.com/security/cve/CVE-2022-1622", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json", + "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a", + "https://gitlab.com/libtiff/libtiff/-/issues/410", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXAFOP6QQRNZD3HPZ6BMCEZZOM4YIZMK/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1622", + "https://security.netapp.com/advisory/ntap-20220616-0005/", + "https://support.apple.com/kb/HT213443", + "https://support.apple.com/kb/HT213444", + "https://support.apple.com/kb/HT213446", + "https://support.apple.com/kb/HT213486", + "https://support.apple.com/kb/HT213487", + "https://support.apple.com/kb/HT213488", + "https://www.cve.org/CVERecord?id=CVE-2022-1622" + ], + "PublishedDate": "2022-05-11T15:15:00Z", + "LastModifiedDate": "2022-11-07T20:52:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1623", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1623", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libtiff: out-of-bounds read in LZWDecode", + "Description": "LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-1623", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json", + "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a", + "https://gitlab.com/libtiff/libtiff/-/issues/410", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXAFOP6QQRNZD3HPZ6BMCEZZOM4YIZMK/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1623", + "https://security.gentoo.org/glsa/202210-10", + "https://security.netapp.com/advisory/ntap-20220616-0005/", + "https://www.cve.org/CVERecord?id=CVE-2022-1623", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-05-11T15:15:00Z", + "LastModifiedDate": "2023-02-23T15:53:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2056", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2056", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "division by zero issues in tiffcrop", + "Description": "Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0302", + "https://access.redhat.com/security/cve/CVE-2022-2056", + "https://bugzilla.redhat.com/2103222", + "https://bugzilla.redhat.com/2122789", + "https://bugzilla.redhat.com/2122792", + "https://bugzilla.redhat.com/2122799", + "https://bugzilla.redhat.com/2134432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", + "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", + "https://errata.almalinux.org/9/ALSA-2023-0302.html", + "https://errata.rockylinux.org/RLSA-2023:0095", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json", + "https://gitlab.com/libtiff/libtiff/-/issues/415", + "https://gitlab.com/libtiff/libtiff/-/merge_requests/346", + "https://linux.oracle.com/cve/CVE-2022-2056.html", + "https://linux.oracle.com/errata/ELSA-2023-0302.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2056", + "https://security.netapp.com/advisory/ntap-20220826-0001/", + "https://ubuntu.com/security/notices/USN-5619-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2056", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-06-30T16:15:00Z", + "LastModifiedDate": "2023-02-23T15:55:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2057", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2057", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "division by zero issues in tiffcrop", + "Description": "Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0302", + "https://access.redhat.com/security/cve/CVE-2022-2057", + "https://bugzilla.redhat.com/2103222", + "https://bugzilla.redhat.com/2122789", + "https://bugzilla.redhat.com/2122792", + "https://bugzilla.redhat.com/2122799", + "https://bugzilla.redhat.com/2134432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", + "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", + "https://errata.almalinux.org/9/ALSA-2023-0302.html", + "https://errata.rockylinux.org/RLSA-2023:0095", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json", + "https://gitlab.com/libtiff/libtiff/-/issues/427", + "https://gitlab.com/libtiff/libtiff/-/merge_requests/346", + "https://linux.oracle.com/cve/CVE-2022-2057.html", + "https://linux.oracle.com/errata/ELSA-2023-0302.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2057", + "https://security.netapp.com/advisory/ntap-20220826-0001/", + "https://ubuntu.com/security/notices/USN-5619-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2057", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-06-30T16:15:00Z", + "LastModifiedDate": "2023-02-23T15:55:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2058", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2058", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "division by zero issues in tiffcrop", + "Description": "Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-369" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0302", + "https://access.redhat.com/security/cve/CVE-2022-2058", + "https://bugzilla.redhat.com/2103222", + "https://bugzilla.redhat.com/2122789", + "https://bugzilla.redhat.com/2122792", + "https://bugzilla.redhat.com/2122799", + "https://bugzilla.redhat.com/2134432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", + "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", + "https://errata.almalinux.org/9/ALSA-2023-0302.html", + "https://errata.rockylinux.org/RLSA-2023:0095", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json", + "https://gitlab.com/libtiff/libtiff/-/issues/428", + "https://gitlab.com/libtiff/libtiff/-/merge_requests/346", + "https://linux.oracle.com/cve/CVE-2022-2058.html", + "https://linux.oracle.com/errata/ELSA-2023-0302.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2058", + "https://security.netapp.com/advisory/ntap-20220826-0001/", + "https://ubuntu.com/security/notices/USN-5619-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2058", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-06-30T16:15:00Z", + "LastModifiedDate": "2023-02-23T15:56:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2519", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2519", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Double free or corruption in rotateImage() function at tiffcrop.c", + "Description": "There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0302", + "https://access.redhat.com/security/cve/CVE-2022-2519", + "https://bugzilla.redhat.com/2103222", + "https://bugzilla.redhat.com/2122789", + "https://bugzilla.redhat.com/2122792", + "https://bugzilla.redhat.com/2122799", + "https://bugzilla.redhat.com/2134432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", + "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", + "https://errata.almalinux.org/9/ALSA-2023-0302.html", + "https://errata.rockylinux.org/RLSA-2023:0095", + "https://gitlab.com/libtiff/libtiff/-/issues/423", + "https://gitlab.com/libtiff/libtiff/-/merge_requests/378", + "https://linux.oracle.com/cve/CVE-2022-2519.html", + "https://linux.oracle.com/errata/ELSA-2023-0302.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2519", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2519", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-08-31T16:15:00Z", + "LastModifiedDate": "2023-02-23T15:57:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2520", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2520", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Assertion fail in rotateImage() function at tiffcrop.c", + "Description": "A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-131" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0302", + "https://access.redhat.com/security/cve/CVE-2022-2520", + "https://bugzilla.redhat.com/2103222", + "https://bugzilla.redhat.com/2122789", + "https://bugzilla.redhat.com/2122792", + "https://bugzilla.redhat.com/2122799", + "https://bugzilla.redhat.com/2134432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", + "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", + "https://errata.almalinux.org/9/ALSA-2023-0302.html", + "https://errata.rockylinux.org/RLSA-2023:0095", + "https://gitlab.com/libtiff/libtiff/-/issues/424", + "https://gitlab.com/libtiff/libtiff/-/merge_requests/378", + "https://linux.oracle.com/cve/CVE-2022-2520.html", + "https://linux.oracle.com/errata/ELSA-2023-0302.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2520", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2520", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-08-31T16:15:00Z", + "LastModifiedDate": "2023-02-28T15:39:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2521", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2521", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Invalid pointer free operation in TIFFClose() at tif_close.c", + "Description": "It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-763" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0302", + "https://access.redhat.com/security/cve/CVE-2022-2521", + "https://bugzilla.redhat.com/2103222", + "https://bugzilla.redhat.com/2122789", + "https://bugzilla.redhat.com/2122792", + "https://bugzilla.redhat.com/2122799", + "https://bugzilla.redhat.com/2134432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", + "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", + "https://errata.almalinux.org/9/ALSA-2023-0302.html", + "https://errata.rockylinux.org/RLSA-2023:0095", + "https://gitlab.com/libtiff/libtiff/-/issues/422", + "https://gitlab.com/libtiff/libtiff/-/merge_requests/378", + "https://linux.oracle.com/cve/CVE-2022-2521.html", + "https://linux.oracle.com/errata/ELSA-2023-0302.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2521", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2521", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-08-31T16:15:00Z", + "LastModifiedDate": "2023-02-23T15:59:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2867", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2867", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "uint32_t underflow leads to out of bounds read and write in tiffcrop.c", + "Description": "libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787", + "CWE-191" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0095", + "https://access.redhat.com/security/cve/CVE-2022-2867", + "https://bugzilla.redhat.com/2103222", + "https://bugzilla.redhat.com/2118847", + "https://bugzilla.redhat.com/2118863", + "https://bugzilla.redhat.com/2118869", + "https://bugzilla.redhat.com/2122789", + "https://bugzilla.redhat.com/2122792", + "https://bugzilla.redhat.com/2122799", + "https://bugzilla.redhat.com/2134432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", + "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", + "https://errata.almalinux.org/8/ALSA-2023-0095.html", + "https://errata.rockylinux.org/RLSA-2023:0095", + "https://linux.oracle.com/cve/CVE-2022-2867.html", + "https://linux.oracle.com/errata/ELSA-2023-0095.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2867", + "https://ubuntu.com/security/notices/USN-5604-1", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2867", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-08-17T22:15:00Z", + "LastModifiedDate": "2023-02-23T15:49:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2868", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2868", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits()", + "Description": "libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0095", + "https://access.redhat.com/security/cve/CVE-2022-2868", + "https://bugzilla.redhat.com/2103222", + "https://bugzilla.redhat.com/2118847", + "https://bugzilla.redhat.com/2118863", + "https://bugzilla.redhat.com/2118869", + "https://bugzilla.redhat.com/2122789", + "https://bugzilla.redhat.com/2122792", + "https://bugzilla.redhat.com/2122799", + "https://bugzilla.redhat.com/2134432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", + "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", + "https://errata.almalinux.org/8/ALSA-2023-0095.html", + "https://errata.rockylinux.org/RLSA-2023:0095", + "https://linux.oracle.com/cve/CVE-2022-2868.html", + "https://linux.oracle.com/errata/ELSA-2023-0095.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2868", + "https://ubuntu.com/security/notices/USN-5604-1", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2868", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-08-17T22:15:00Z", + "LastModifiedDate": "2023-07-21T16:38:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2869", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2869", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits()", + "Description": "libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787", + "CWE-191" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0095", + "https://access.redhat.com/security/cve/CVE-2022-2869", + "https://bugzilla.redhat.com/2103222", + "https://bugzilla.redhat.com/2118847", + "https://bugzilla.redhat.com/2118863", + "https://bugzilla.redhat.com/2118869", + "https://bugzilla.redhat.com/2122789", + "https://bugzilla.redhat.com/2122792", + "https://bugzilla.redhat.com/2122799", + "https://bugzilla.redhat.com/2134432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", + "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", + "https://errata.almalinux.org/8/ALSA-2023-0095.html", + "https://errata.rockylinux.org/RLSA-2023:0095", + "https://linux.oracle.com/cve/CVE-2022-2869.html", + "https://linux.oracle.com/errata/ELSA-2023-0095.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2869", + "https://ubuntu.com/security/notices/USN-5604-1", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2869", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-08-17T22:15:00Z", + "LastModifiedDate": "2023-02-23T15:49:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2953", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2953", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "heap-buffer-overflow in extractImageSection in tiffcrop.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0302", + "https://access.redhat.com/security/cve/CVE-2022-2953", + "https://bugzilla.redhat.com/2103222", + "https://bugzilla.redhat.com/2122789", + "https://bugzilla.redhat.com/2122792", + "https://bugzilla.redhat.com/2122799", + "https://bugzilla.redhat.com/2134432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2103222", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118847", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118863", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118869", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122789", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122799", + "https://bugzilla.redhat.com/show_bug.cgi?id=2134432", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953", + "https://errata.almalinux.org/9/ALSA-2023-0302.html", + "https://errata.rockylinux.org/RLSA-2023:0095", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json", + "https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3", + "https://gitlab.com/libtiff/libtiff/-/issues/414", + "https://linux.oracle.com/cve/CVE-2022-2953.html", + "https://linux.oracle.com/errata/ELSA-2023-0302.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2953", + "https://security.netapp.com/advisory/ntap-20221014-0008/", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2953", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-08-29T15:15:00Z", + "LastModifiedDate": "2023-02-23T16:01:00Z" + }, + { + "VulnerabilityID": "CVE-2022-34526", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-34526", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit", + "Description": "A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the \"tiffsplit\" or \"tiffcrop\" utilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-34526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526", + "https://gitlab.com/libtiff/libtiff/-/issues/433", + "https://gitlab.com/libtiff/libtiff/-/issues/486", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FC6LWPAEKYJ57LSHX4SBFMLRMLOZTHIJ/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-34526", + "https://security.netapp.com/advisory/ntap-20220930-0002/", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-34526", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-07-29T23:15:00Z", + "LastModifiedDate": "2023-02-09T01:58:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3570", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3570", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "heap Buffer overflows in tiffcrop.c", + "Description": "Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2340", + "https://access.redhat.com/security/cve/CVE-2022-3570", + "https://bugzilla.redhat.com/2142734", + "https://bugzilla.redhat.com/2142736", + "https://bugzilla.redhat.com/2142738", + "https://bugzilla.redhat.com/2142740", + "https://bugzilla.redhat.com/2142741", + "https://bugzilla.redhat.com/2142742", + "https://bugzilla.redhat.com/2148918", + "https://bugzilla.redhat.com/2176220", + "https://bugzilla.redhat.com/2187139", + "https://bugzilla.redhat.com/2187141", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570", + "https://errata.almalinux.org/9/ALSA-2023-2340.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json", + "https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c", + "https://gitlab.com/libtiff/libtiff/-/issues/381", + "https://gitlab.com/libtiff/libtiff/-/issues/386", + "https://linux.oracle.com/cve/CVE-2022-3570.html", + "https://linux.oracle.com/errata/ELSA-2023-2340.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3570", + "https://security.netapp.com/advisory/ntap-20230203-0002/", + "https://ubuntu.com/security/notices/USN-5705-1", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3570", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-10-21T16:15:00Z", + "LastModifiedDate": "2023-02-23T16:02:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3597", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3597", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix", + "Description": "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2340", + "https://access.redhat.com/security/cve/CVE-2022-3597", + "https://bugzilla.redhat.com/2142734", + "https://bugzilla.redhat.com/2142736", + "https://bugzilla.redhat.com/2142738", + "https://bugzilla.redhat.com/2142740", + "https://bugzilla.redhat.com/2142741", + "https://bugzilla.redhat.com/2142742", + "https://bugzilla.redhat.com/2148918", + "https://bugzilla.redhat.com/2176220", + "https://bugzilla.redhat.com/2187139", + "https://bugzilla.redhat.com/2187141", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597", + "https://errata.almalinux.org/9/ALSA-2023-2340.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3597.json", + "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047", + "https://gitlab.com/libtiff/libtiff/-/issues/413", + "https://linux.oracle.com/cve/CVE-2022-3597.html", + "https://linux.oracle.com/errata/ELSA-2023-2340.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3597", + "https://security.netapp.com/advisory/ntap-20230110-0001/", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3597", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-10-21T16:15:00Z", + "LastModifiedDate": "2023-02-23T16:04:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3598", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3598", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2340", + "https://access.redhat.com/security/cve/CVE-2022-3598", + "https://bugzilla.redhat.com/2142734", + "https://bugzilla.redhat.com/2142736", + "https://bugzilla.redhat.com/2142738", + "https://bugzilla.redhat.com/2142740", + "https://bugzilla.redhat.com/2142741", + "https://bugzilla.redhat.com/2142742", + "https://bugzilla.redhat.com/2148918", + "https://bugzilla.redhat.com/2176220", + "https://bugzilla.redhat.com/2187139", + "https://bugzilla.redhat.com/2187141", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598", + "https://errata.almalinux.org/9/ALSA-2023-2340.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json", + "https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff", + "https://gitlab.com/libtiff/libtiff/-/issues/435", + "https://linux.oracle.com/cve/CVE-2022-3598.html", + "https://linux.oracle.com/errata/ELSA-2023-2340.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3598", + "https://security.netapp.com/advisory/ntap-20230110-0001/", + "https://ubuntu.com/security/notices/USN-5705-1", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3598" + ], + "PublishedDate": "2022-10-21T16:15:00Z", + "LastModifiedDate": "2023-03-31T16:05:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3599", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3599", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds read in writeSingleSection in tools/tiffcrop.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2340", + "https://access.redhat.com/security/cve/CVE-2022-3599", + "https://bugzilla.redhat.com/2142734", + "https://bugzilla.redhat.com/2142736", + "https://bugzilla.redhat.com/2142738", + "https://bugzilla.redhat.com/2142740", + "https://bugzilla.redhat.com/2142741", + "https://bugzilla.redhat.com/2142742", + "https://bugzilla.redhat.com/2148918", + "https://bugzilla.redhat.com/2176220", + "https://bugzilla.redhat.com/2187139", + "https://bugzilla.redhat.com/2187141", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599", + "https://errata.almalinux.org/9/ALSA-2023-2340.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json", + "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246", + "https://gitlab.com/libtiff/libtiff/-/issues/398", + "https://gitlab.com/libtiff/libtiff/-/merge_requests/385", + "https://linux.oracle.com/cve/CVE-2022-3599.html", + "https://linux.oracle.com/errata/ELSA-2023-2340.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3599", + "https://security.netapp.com/advisory/ntap-20230110-0001/", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3599", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-10-21T16:15:00Z", + "LastModifiedDate": "2023-02-23T16:06:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3626", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3626", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2340", + "https://access.redhat.com/security/cve/CVE-2022-3626", + "https://bugzilla.redhat.com/2142734", + "https://bugzilla.redhat.com/2142736", + "https://bugzilla.redhat.com/2142738", + "https://bugzilla.redhat.com/2142740", + "https://bugzilla.redhat.com/2142741", + "https://bugzilla.redhat.com/2142742", + "https://bugzilla.redhat.com/2148918", + "https://bugzilla.redhat.com/2176220", + "https://bugzilla.redhat.com/2187139", + "https://bugzilla.redhat.com/2187141", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626", + "https://errata.almalinux.org/9/ALSA-2023-2340.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json", + "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047", + "https://gitlab.com/libtiff/libtiff/-/issues/426", + "https://linux.oracle.com/cve/CVE-2022-3626.html", + "https://linux.oracle.com/errata/ELSA-2023-2340.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3626", + "https://security.netapp.com/advisory/ntap-20230110-0001/", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3626" + ], + "PublishedDate": "2022-10-21T16:15:00Z", + "LastModifiedDate": "2023-03-31T16:06:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3627", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3627", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2340", + "https://access.redhat.com/security/cve/CVE-2022-3627", + "https://bugzilla.redhat.com/2142734", + "https://bugzilla.redhat.com/2142736", + "https://bugzilla.redhat.com/2142738", + "https://bugzilla.redhat.com/2142740", + "https://bugzilla.redhat.com/2142741", + "https://bugzilla.redhat.com/2142742", + "https://bugzilla.redhat.com/2148918", + "https://bugzilla.redhat.com/2176220", + "https://bugzilla.redhat.com/2187139", + "https://bugzilla.redhat.com/2187141", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627", + "https://errata.almalinux.org/9/ALSA-2023-2340.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json", + "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047", + "https://gitlab.com/libtiff/libtiff/-/issues/411", + "https://linux.oracle.com/cve/CVE-2022-3627.html", + "https://linux.oracle.com/errata/ELSA-2023-2883.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3627", + "https://security.netapp.com/advisory/ntap-20230110-0001/", + "https://ubuntu.com/security/notices/USN-5714-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3627", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2022-10-21T16:15:00Z", + "LastModifiedDate": "2023-02-23T16:07:00Z" + }, + { + "VulnerabilityID": "CVE-2022-4645", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4645", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds read in tiffcp in tools/tiffcp.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2340", + "https://access.redhat.com/security/cve/CVE-2022-4645", + "https://bugzilla.redhat.com/2142734", + "https://bugzilla.redhat.com/2142736", + "https://bugzilla.redhat.com/2142738", + "https://bugzilla.redhat.com/2142740", + "https://bugzilla.redhat.com/2142741", + "https://bugzilla.redhat.com/2142742", + "https://bugzilla.redhat.com/2148918", + "https://bugzilla.redhat.com/2176220", + "https://bugzilla.redhat.com/2187139", + "https://bugzilla.redhat.com/2187141", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645", + "https://errata.almalinux.org/9/ALSA-2023-2340.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json", + "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246", + "https://gitlab.com/libtiff/libtiff/-/issues/277", + "https://linux.oracle.com/cve/CVE-2022-4645.html", + "https://linux.oracle.com/errata/ELSA-2023-2340.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4645", + "https://security.netapp.com/advisory/ntap-20230331-0001/", + "https://www.cve.org/CVERecord?id=CVE-2022-4645" + ], + "PublishedDate": "2023-03-03T16:15:00Z", + "LastModifiedDate": "2023-03-31T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-48281", + "VendorIDs": [ + "DSA-5333-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48281", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c", + "Description": "processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., \"WRITE of size 307203\") via a crafted TIFF image.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3711", + "https://access.redhat.com/security/cve/CVE-2022-48281", + "https://bugzilla.redhat.com/2163606", + "https://bugzilla.redhat.com/2170119", + "https://bugzilla.redhat.com/2170146", + "https://bugzilla.redhat.com/2170151", + "https://bugzilla.redhat.com/2170157", + "https://bugzilla.redhat.com/2170162", + "https://bugzilla.redhat.com/2170167", + "https://bugzilla.redhat.com/2170172", + "https://bugzilla.redhat.com/2170178", + "https://bugzilla.redhat.com/2170187", + "https://bugzilla.redhat.com/2170192", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281", + "https://errata.almalinux.org/9/ALSA-2023-3711.html", + "https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5", + "https://gitlab.com/libtiff/libtiff/-/issues/488", + "https://linux.oracle.com/cve/CVE-2022-48281.html", + "https://linux.oracle.com/errata/ELSA-2023-3827.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-48281", + "https://security.gentoo.org/glsa/202305-31", + "https://security.netapp.com/advisory/ntap-20230302-0004/", + "https://ubuntu.com/security/notices/USN-5841-1", + "https://www.cve.org/CVERecord?id=CVE-2022-48281", + "https://www.debian.org/security/2023/dsa-5333" + ], + "PublishedDate": "2023-01-23T03:15:00Z", + "LastModifiedDate": "2023-05-30T06:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0795", + "VendorIDs": [ + "DSA-5361-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0795", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3711", + "https://access.redhat.com/security/cve/CVE-2023-0795", + "https://bugzilla.redhat.com/2163606", + "https://bugzilla.redhat.com/2170119", + "https://bugzilla.redhat.com/2170146", + "https://bugzilla.redhat.com/2170151", + "https://bugzilla.redhat.com/2170157", + "https://bugzilla.redhat.com/2170162", + "https://bugzilla.redhat.com/2170167", + "https://bugzilla.redhat.com/2170172", + "https://bugzilla.redhat.com/2170178", + "https://bugzilla.redhat.com/2170187", + "https://bugzilla.redhat.com/2170192", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795", + "https://errata.almalinux.org/9/ALSA-2023-3711.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json", + "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", + "https://gitlab.com/libtiff/libtiff/-/issues/493", + "https://linux.oracle.com/cve/CVE-2023-0795.html", + "https://linux.oracle.com/errata/ELSA-2023-3711.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0795", + "https://security.gentoo.org/glsa/202305-31", + "https://security.netapp.com/advisory/ntap-20230316-0003/", + "https://ubuntu.com/security/notices/USN-5923-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0795", + "https://www.debian.org/security/2023/dsa-5361" + ], + "PublishedDate": "2023-02-13T23:15:00Z", + "LastModifiedDate": "2023-05-30T06:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0796", + "VendorIDs": [ + "DSA-5361-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0796", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3711", + "https://access.redhat.com/security/cve/CVE-2023-0796", + "https://bugzilla.redhat.com/2163606", + "https://bugzilla.redhat.com/2170119", + "https://bugzilla.redhat.com/2170146", + "https://bugzilla.redhat.com/2170151", + "https://bugzilla.redhat.com/2170157", + "https://bugzilla.redhat.com/2170162", + "https://bugzilla.redhat.com/2170167", + "https://bugzilla.redhat.com/2170172", + "https://bugzilla.redhat.com/2170178", + "https://bugzilla.redhat.com/2170187", + "https://bugzilla.redhat.com/2170192", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796", + "https://errata.almalinux.org/9/ALSA-2023-3711.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json", + "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", + "https://gitlab.com/libtiff/libtiff/-/issues/499", + "https://linux.oracle.com/cve/CVE-2023-0796.html", + "https://linux.oracle.com/errata/ELSA-2023-3711.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0796", + "https://security.gentoo.org/glsa/202305-31", + "https://security.netapp.com/advisory/ntap-20230316-0003/", + "https://ubuntu.com/security/notices/USN-5923-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0796", + "https://www.debian.org/security/2023/dsa-5361" + ], + "PublishedDate": "2023-02-13T23:15:00Z", + "LastModifiedDate": "2023-05-30T06:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0797", + "VendorIDs": [ + "DSA-5361-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0797", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3711", + "https://access.redhat.com/security/cve/CVE-2023-0797", + "https://bugzilla.redhat.com/2163606", + "https://bugzilla.redhat.com/2170119", + "https://bugzilla.redhat.com/2170146", + "https://bugzilla.redhat.com/2170151", + "https://bugzilla.redhat.com/2170157", + "https://bugzilla.redhat.com/2170162", + "https://bugzilla.redhat.com/2170167", + "https://bugzilla.redhat.com/2170172", + "https://bugzilla.redhat.com/2170178", + "https://bugzilla.redhat.com/2170187", + "https://bugzilla.redhat.com/2170192", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797", + "https://errata.almalinux.org/9/ALSA-2023-3711.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json", + "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", + "https://gitlab.com/libtiff/libtiff/-/issues/495", + "https://linux.oracle.com/cve/CVE-2023-0797.html", + "https://linux.oracle.com/errata/ELSA-2023-3711.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0797", + "https://security.gentoo.org/glsa/202305-31", + "https://ubuntu.com/security/notices/USN-5923-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0797", + "https://www.debian.org/security/2023/dsa-5361" + ], + "PublishedDate": "2023-02-13T23:15:00Z", + "LastModifiedDate": "2023-05-30T06:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0798", + "VendorIDs": [ + "DSA-5361-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0798", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3711", + "https://access.redhat.com/security/cve/CVE-2023-0798", + "https://bugzilla.redhat.com/2163606", + "https://bugzilla.redhat.com/2170119", + "https://bugzilla.redhat.com/2170146", + "https://bugzilla.redhat.com/2170151", + "https://bugzilla.redhat.com/2170157", + "https://bugzilla.redhat.com/2170162", + "https://bugzilla.redhat.com/2170167", + "https://bugzilla.redhat.com/2170172", + "https://bugzilla.redhat.com/2170178", + "https://bugzilla.redhat.com/2170187", + "https://bugzilla.redhat.com/2170192", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798", + "https://errata.almalinux.org/9/ALSA-2023-3711.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json", + "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", + "https://gitlab.com/libtiff/libtiff/-/issues/492", + "https://linux.oracle.com/cve/CVE-2023-0798.html", + "https://linux.oracle.com/errata/ELSA-2023-3711.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0798", + "https://security.gentoo.org/glsa/202305-31", + "https://security.netapp.com/advisory/ntap-20230316-0003/", + "https://ubuntu.com/security/notices/USN-5923-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0798", + "https://www.debian.org/security/2023/dsa-5361" + ], + "PublishedDate": "2023-02-13T23:15:00Z", + "LastModifiedDate": "2023-05-30T06:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0799", + "VendorIDs": [ + "DSA-5361-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0799", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3711", + "https://access.redhat.com/security/cve/CVE-2023-0799", + "https://bugzilla.redhat.com/2163606", + "https://bugzilla.redhat.com/2170119", + "https://bugzilla.redhat.com/2170146", + "https://bugzilla.redhat.com/2170151", + "https://bugzilla.redhat.com/2170157", + "https://bugzilla.redhat.com/2170162", + "https://bugzilla.redhat.com/2170167", + "https://bugzilla.redhat.com/2170172", + "https://bugzilla.redhat.com/2170178", + "https://bugzilla.redhat.com/2170187", + "https://bugzilla.redhat.com/2170192", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799", + "https://errata.almalinux.org/9/ALSA-2023-3711.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json", + "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", + "https://gitlab.com/libtiff/libtiff/-/issues/494", + "https://linux.oracle.com/cve/CVE-2023-0799.html", + "https://linux.oracle.com/errata/ELSA-2023-3711.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0799", + "https://security.gentoo.org/glsa/202305-31", + "https://security.netapp.com/advisory/ntap-20230316-0003/", + "https://ubuntu.com/security/notices/USN-5923-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0799", + "https://www.debian.org/security/2023/dsa-5361" + ], + "PublishedDate": "2023-02-13T23:15:00Z", + "LastModifiedDate": "2023-05-30T06:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0800", + "VendorIDs": [ + "DSA-5361-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0800", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3711", + "https://access.redhat.com/security/cve/CVE-2023-0800", + "https://bugzilla.redhat.com/2163606", + "https://bugzilla.redhat.com/2170119", + "https://bugzilla.redhat.com/2170146", + "https://bugzilla.redhat.com/2170151", + "https://bugzilla.redhat.com/2170157", + "https://bugzilla.redhat.com/2170162", + "https://bugzilla.redhat.com/2170167", + "https://bugzilla.redhat.com/2170172", + "https://bugzilla.redhat.com/2170178", + "https://bugzilla.redhat.com/2170187", + "https://bugzilla.redhat.com/2170192", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800", + "https://errata.almalinux.org/9/ALSA-2023-3711.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json", + "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", + "https://gitlab.com/libtiff/libtiff/-/issues/496", + "https://linux.oracle.com/cve/CVE-2023-0800.html", + "https://linux.oracle.com/errata/ELSA-2023-3711.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0800", + "https://security.gentoo.org/glsa/202305-31", + "https://security.netapp.com/advisory/ntap-20230316-0002/", + "https://ubuntu.com/security/notices/USN-5923-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0800", + "https://www.debian.org/security/2023/dsa-5361" + ], + "PublishedDate": "2023-02-13T23:15:00Z", + "LastModifiedDate": "2023-05-30T06:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0801", + "VendorIDs": [ + "DSA-5361-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0801", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3711", + "https://access.redhat.com/security/cve/CVE-2023-0801", + "https://bugzilla.redhat.com/2163606", + "https://bugzilla.redhat.com/2170119", + "https://bugzilla.redhat.com/2170146", + "https://bugzilla.redhat.com/2170151", + "https://bugzilla.redhat.com/2170157", + "https://bugzilla.redhat.com/2170162", + "https://bugzilla.redhat.com/2170167", + "https://bugzilla.redhat.com/2170172", + "https://bugzilla.redhat.com/2170178", + "https://bugzilla.redhat.com/2170187", + "https://bugzilla.redhat.com/2170192", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801", + "https://errata.almalinux.org/9/ALSA-2023-3711.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json", + "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", + "https://gitlab.com/libtiff/libtiff/-/issues/498", + "https://linux.oracle.com/cve/CVE-2023-0801.html", + "https://linux.oracle.com/errata/ELSA-2023-3711.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0801", + "https://security.gentoo.org/glsa/202305-31", + "https://security.netapp.com/advisory/ntap-20230316-0002/", + "https://ubuntu.com/security/notices/USN-5923-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0801", + "https://www.debian.org/security/2023/dsa-5361" + ], + "PublishedDate": "2023-02-13T23:15:00Z", + "LastModifiedDate": "2023-05-30T06:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0802", + "VendorIDs": [ + "DSA-5361-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0802", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3711", + "https://access.redhat.com/security/cve/CVE-2023-0802", + "https://bugzilla.redhat.com/2163606", + "https://bugzilla.redhat.com/2170119", + "https://bugzilla.redhat.com/2170146", + "https://bugzilla.redhat.com/2170151", + "https://bugzilla.redhat.com/2170157", + "https://bugzilla.redhat.com/2170162", + "https://bugzilla.redhat.com/2170167", + "https://bugzilla.redhat.com/2170172", + "https://bugzilla.redhat.com/2170178", + "https://bugzilla.redhat.com/2170187", + "https://bugzilla.redhat.com/2170192", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802", + "https://errata.almalinux.org/9/ALSA-2023-3711.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json", + "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", + "https://gitlab.com/libtiff/libtiff/-/issues/500", + "https://linux.oracle.com/cve/CVE-2023-0802.html", + "https://linux.oracle.com/errata/ELSA-2023-3711.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0802", + "https://security.gentoo.org/glsa/202305-31", + "https://security.netapp.com/advisory/ntap-20230316-0002/", + "https://ubuntu.com/security/notices/USN-5923-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0802", + "https://www.debian.org/security/2023/dsa-5361" + ], + "PublishedDate": "2023-02-13T23:15:00Z", + "LastModifiedDate": "2023-05-30T06:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0803", + "VendorIDs": [ + "DSA-5361-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0803", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3711", + "https://access.redhat.com/security/cve/CVE-2023-0803", + "https://bugzilla.redhat.com/2163606", + "https://bugzilla.redhat.com/2170119", + "https://bugzilla.redhat.com/2170146", + "https://bugzilla.redhat.com/2170151", + "https://bugzilla.redhat.com/2170157", + "https://bugzilla.redhat.com/2170162", + "https://bugzilla.redhat.com/2170167", + "https://bugzilla.redhat.com/2170172", + "https://bugzilla.redhat.com/2170178", + "https://bugzilla.redhat.com/2170187", + "https://bugzilla.redhat.com/2170192", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803", + "https://errata.almalinux.org/9/ALSA-2023-3711.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json", + "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", + "https://gitlab.com/libtiff/libtiff/-/issues/501", + "https://linux.oracle.com/cve/CVE-2023-0803.html", + "https://linux.oracle.com/errata/ELSA-2023-3711.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0803", + "https://security.gentoo.org/glsa/202305-31", + "https://security.netapp.com/advisory/ntap-20230316-0002/", + "https://ubuntu.com/security/notices/USN-5923-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0803", + "https://www.debian.org/security/2023/dsa-5361" + ], + "PublishedDate": "2023-02-13T23:15:00Z", + "LastModifiedDate": "2023-05-30T06:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0804", + "VendorIDs": [ + "DSA-5361-1" + ], + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0804", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c", + "Description": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3711", + "https://access.redhat.com/security/cve/CVE-2023-0804", + "https://bugzilla.redhat.com/2163606", + "https://bugzilla.redhat.com/2170119", + "https://bugzilla.redhat.com/2170146", + "https://bugzilla.redhat.com/2170151", + "https://bugzilla.redhat.com/2170157", + "https://bugzilla.redhat.com/2170162", + "https://bugzilla.redhat.com/2170167", + "https://bugzilla.redhat.com/2170172", + "https://bugzilla.redhat.com/2170178", + "https://bugzilla.redhat.com/2170187", + "https://bugzilla.redhat.com/2170192", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804", + "https://errata.almalinux.org/9/ALSA-2023-3711.html", + "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json", + "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", + "https://gitlab.com/libtiff/libtiff/-/issues/497", + "https://linux.oracle.com/cve/CVE-2023-0804.html", + "https://linux.oracle.com/errata/ELSA-2023-3711.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0804", + "https://security.gentoo.org/glsa/202305-31", + "https://security.netapp.com/advisory/ntap-20230324-0009/", + "https://ubuntu.com/security/notices/USN-5923-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0804", + "https://www.debian.org/security/2023/dsa-5361" + ], + "PublishedDate": "2023-02-13T23:15:00Z", + "LastModifiedDate": "2023-05-30T06:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-25435", + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-25435", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "heap-buffer-overflow in extractContigSamplesShifted8bits() in tiffcrop.c", + "Description": "libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-25435", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25435", + "https://gitlab.com/libtiff/libtiff/-/issues/518", + "https://nvd.nist.gov/vuln/detail/CVE-2023-25435", + "https://www.cve.org/CVERecord?id=CVE-2023-25435" + ], + "PublishedDate": "2023-06-21T20:15:00Z", + "LastModifiedDate": "2023-06-28T18:51:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30086", + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30086", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Heap buffer overflow in tiffcp() at tiffcp.c", + "Description": "Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://libtiff-release-v4-0-7.com", + "http://tiffcp.com", + "https://access.redhat.com/security/cve/CVE-2023-30086", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30086", + "https://gitlab.com/libtiff/libtiff/-/issues/538", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30086", + "https://security.netapp.com/advisory/ntap-20230616-0003/", + "https://www.cve.org/CVERecord?id=CVE-2023-30086" + ], + "PublishedDate": "2023-05-09T16:15:00Z", + "LastModifiedDate": "2023-06-16T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30774", + "PkgID": "libtiff5@4.2.0-1+deb11u1", + "PkgName": "libtiff5", + "InstalledVersion": "4.2.0-1+deb11u1", + "FixedVersion": "4.2.0-1+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30774", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value", + "Description": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2340", + "https://access.redhat.com/security/cve/CVE-2023-30774", + "https://bugzilla.redhat.com/2142734", + "https://bugzilla.redhat.com/2142736", + "https://bugzilla.redhat.com/2142738", + "https://bugzilla.redhat.com/2142740", + "https://bugzilla.redhat.com/2142741", + "https://bugzilla.redhat.com/2142742", + "https://bugzilla.redhat.com/2148918", + "https://bugzilla.redhat.com/2176220", + "https://bugzilla.redhat.com/2187139", + "https://bugzilla.redhat.com/2187141", + "https://bugzilla.redhat.com/show_bug.cgi?id=2187139", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30774", + "https://errata.almalinux.org/9/ALSA-2023-2340.html", + "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246", + "https://gitlab.com/libtiff/libtiff/-/commit/f00484b9519df933723deb38fff943dc291a793d (v4.5.0rc1)", + "https://gitlab.com/libtiff/libtiff/-/issues/463", + "https://linux.oracle.com/cve/CVE-2023-30774.html", + "https://linux.oracle.com/errata/ELSA-2023-2340.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30774", + "https://security.netapp.com/advisory/ntap-20230703-0002/", + "https://www.cve.org/CVERecord?id=CVE-2023-30774" + ], + "PublishedDate": "2023-05-19T15:15:00Z", + "LastModifiedDate": "2023-07-03T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-29458", + "PkgID": "libtinfo6@6.2+20201114-2", + "PkgName": "libtinfo6", + "InstalledVersion": "6.2+20201114-2", + "FixedVersion": "6.2+20201114-2+deb11u1", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29458", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "segfaulting OOB read", + "Description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V2Score": 5.8, + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://access.redhat.com/security/cve/CVE-2022-29458", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458", + "https://invisible-island.net/ncurses/NEWS.html#t20220416", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", + "https://support.apple.com/kb/HT213488", + "https://ubuntu.com/security/notices/USN-5477-1", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2022-29458" + ], + "PublishedDate": "2022-04-18T21:15:00Z", + "LastModifiedDate": "2022-11-08T19:46:00Z" + }, + { + "VulnerabilityID": "CVE-2021-46828", + "VendorIDs": [ + "DSA-5200-1" + ], + "PkgID": "libtirpc-common@1.3.1-1", + "PkgName": "libtirpc-common", + "InstalledVersion": "1.3.1-1", + "FixedVersion": "1.3.1-1+deb11u1", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46828", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libtirpc: DoS vulnerability with lots of connections", + "Description": "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed", + "https://access.redhat.com/errata/RHSA-2022:8400", + "https://access.redhat.com/security/cve/CVE-2021-46828", + "https://bugzilla.redhat.com/2109352", + "https://bugzilla.redhat.com/show_bug.cgi?id=2109352", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118157", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46828", + "https://errata.almalinux.org/9/ALSA-2022-8400.html", + "https://errata.rockylinux.org/RLSA-2022:8400", + "https://linux.oracle.com/cve/CVE-2021-46828.html", + "https://linux.oracle.com/errata/ELSA-2022-8400.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00004.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-46828", + "https://security.gentoo.org/glsa/202210-33", + "https://security.netapp.com/advisory/ntap-20221007-0004/", + "https://ubuntu.com/security/notices/USN-5538-1", + "https://www.cve.org/CVERecord?id=CVE-2021-46828", + "https://www.debian.org/security/2022/dsa-5200" + ], + "PublishedDate": "2022-07-20T06:15:00Z", + "LastModifiedDate": "2022-12-02T20:02:00Z" + }, + { + "VulnerabilityID": "CVE-2021-46828", + "VendorIDs": [ + "DSA-5200-1" + ], + "PkgID": "libtirpc3@1.3.1-1", + "PkgName": "libtirpc3", + "InstalledVersion": "1.3.1-1", + "FixedVersion": "1.3.1-1+deb11u1", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46828", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libtirpc: DoS vulnerability with lots of connections", + "Description": "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed", + "https://access.redhat.com/errata/RHSA-2022:8400", + "https://access.redhat.com/security/cve/CVE-2021-46828", + "https://bugzilla.redhat.com/2109352", + "https://bugzilla.redhat.com/show_bug.cgi?id=2109352", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118157", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46828", + "https://errata.almalinux.org/9/ALSA-2022-8400.html", + "https://errata.rockylinux.org/RLSA-2022:8400", + "https://linux.oracle.com/cve/CVE-2021-46828.html", + "https://linux.oracle.com/errata/ELSA-2022-8400.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00004.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-46828", + "https://security.gentoo.org/glsa/202210-33", + "https://security.netapp.com/advisory/ntap-20221007-0004/", + "https://ubuntu.com/security/notices/USN-5538-1", + "https://www.cve.org/CVERecord?id=CVE-2021-46828", + "https://www.debian.org/security/2022/dsa-5200" + ], + "PublishedDate": "2022-07-20T06:15:00Z", + "LastModifiedDate": "2022-12-02T20:02:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3821", + "PkgID": "libudev1@247.3-7", + "PkgName": "libudev1", + "InstalledVersion": "247.3-7", + "FixedVersion": "247.3-7+deb11u2", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3821", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "buffer overrun in format_timespan() function", + "Description": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-193" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0336", + "https://access.redhat.com/security/cve/CVE-2022-3821", + "https://bugzilla.redhat.com/2139327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2139327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3821", + "https://errata.almalinux.org/9/ALSA-2023-0336.html", + "https://errata.rockylinux.org/RLSA-2023:0336", + "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e", + "https://github.com/systemd/systemd/issues/23928", + "https://github.com/systemd/systemd/pull/23933", + "https://linux.oracle.com/cve/CVE-2022-3821.html", + "https://linux.oracle.com/errata/ELSA-2023-0336.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3821", + "https://security.gentoo.org/glsa/202305-15", + "https://ubuntu.com/security/notices/USN-5928-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3821" + ], + "PublishedDate": "2022-11-08T22:15:00Z", + "LastModifiedDate": "2023-06-29T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-4415", + "PkgID": "libudev1@247.3-7", + "PkgName": "libudev1", + "InstalledVersion": "247.3-7", + "FixedVersion": "247.3-7+deb11u2", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4415", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting", + "Description": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0954", + "https://access.redhat.com/security/cve/CVE-2022-4415", + "https://bugzilla.redhat.com/2149063", + "https://bugzilla.redhat.com/2155515", + "https://bugzilla.redhat.com/show_bug.cgi?id=2155515", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164049", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415", + "https://errata.almalinux.org/9/ALSA-2023-0954.html", + "https://errata.rockylinux.org/RLSA-2023:0837", + "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c", + "https://linux.oracle.com/cve/CVE-2022-4415.html", + "https://linux.oracle.com/errata/ELSA-2023-0954.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4415", + "https://ubuntu.com/security/notices/USN-5928-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4415", + "https://www.openwall.com/lists/oss-security/2022/12/21/3" + ], + "PublishedDate": "2023-01-11T15:15:00Z", + "LastModifiedDate": "2023-02-02T16:19:00Z" + }, + { + "VulnerabilityID": "CVE-2023-1999", + "VendorIDs": [ + "DSA-5408-1" + ], + "PkgID": "libwebp6@0.6.1-2.1", + "PkgName": "libwebp6", + "InstalledVersion": "0.6.1-2.1", + "FixedVersion": "0.6.1-2.1+deb11u1", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1999", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Double-free in libwebp", + "Description": "There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. \n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2078", + "https://access.redhat.com/security/cve/CVE-2023-1999", + "https://bugzilla.redhat.com/2186102", + "https://bugzilla.redhat.com/show_bug.cgi?id=2186102", + "https://chromium.googlesource.com/webm/libwebp", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1999", + "https://errata.almalinux.org/9/ALSA-2023-2078.html", + "https://errata.rockylinux.org/RLSA-2023:2076", + "https://linux.oracle.com/cve/CVE-2023-1999.html", + "https://linux.oracle.com/errata/ELSA-2023-2078.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-1999", + "https://ubuntu.com/security/notices/USN-6078-1", + "https://ubuntu.com/security/notices/USN-6078-2", + "https://www.cve.org/CVERecord?id=CVE-2023-1999", + "https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-1999", + "https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999", + "https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999" + ], + "PublishedDate": "2023-06-20T12:15:00Z", + "LastModifiedDate": "2023-07-05T12:47:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3138", + "VendorIDs": [ + "DSA-5433-1" + ], + "PkgID": "libx11-6@2:1.7.2-1", + "PkgName": "libx11-6", + "InstalledVersion": "2:1.7.2-1", + "FixedVersion": "2:1.7.2-1+deb11u1", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3138", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow", + "Description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3138", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3138", + "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c", + "https://lists.x.org/archives/xorg-announce/2023-June/003406.html", + "https://lists.x.org/archives/xorg-announce/2023-June/003407.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3138", + "https://ubuntu.com/security/notices/USN-6168-1", + "https://ubuntu.com/security/notices/USN-6168-2", + "https://www.cve.org/CVERecord?id=CVE-2023-3138" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-07-07T13:05:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3138", + "VendorIDs": [ + "DSA-5433-1" + ], + "PkgID": "libx11-data@2:1.7.2-1", + "PkgName": "libx11-data", + "InstalledVersion": "2:1.7.2-1", + "FixedVersion": "2:1.7.2-1+deb11u1", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3138", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow", + "Description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3138", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3138", + "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c", + "https://lists.x.org/archives/xorg-announce/2023-June/003406.html", + "https://lists.x.org/archives/xorg-announce/2023-June/003407.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3138", + "https://ubuntu.com/security/notices/USN-6168-1", + "https://ubuntu.com/security/notices/USN-6168-2", + "https://www.cve.org/CVERecord?id=CVE-2023-3138" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-07-07T13:05:00Z" + }, + { + "VulnerabilityID": "CVE-2022-40303", + "VendorIDs": [ + "DSA-5271-1" + ], + "PkgID": "libxml2@2.9.10+dfsg-6.7+deb11u2", + "PkgName": "libxml2", + "InstalledVersion": "2.9.10+dfsg-6.7+deb11u2", + "FixedVersion": "2.9.10+dfsg-6.7+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-40303", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "integer overflows with XML_PARSE_HUGE", + "Description": "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Dec/21", + "http://seclists.org/fulldisclosure/2022/Dec/24", + "http://seclists.org/fulldisclosure/2022/Dec/25", + "http://seclists.org/fulldisclosure/2022/Dec/26", + "https://access.redhat.com/errata/RHSA-2023:0338", + "https://access.redhat.com/security/cve/CVE-2022-40303", + "https://bugzilla.redhat.com/2136266", + "https://bugzilla.redhat.com/2136288", + "https://bugzilla.redhat.com/show_bug.cgi?id=2136266", + "https://bugzilla.redhat.com/show_bug.cgi?id=2136288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304", + "https://errata.almalinux.org/9/ALSA-2023-0338.html", + "https://errata.rockylinux.org/RLSA-2023:0173", + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0", + "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3", + "https://linux.oracle.com/cve/CVE-2022-40303.html", + "https://linux.oracle.com/errata/ELSA-2023-0338.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-40303", + "https://security.netapp.com/advisory/ntap-20221209-0003/", + "https://support.apple.com/kb/HT213531", + "https://support.apple.com/kb/HT213533", + "https://support.apple.com/kb/HT213534", + "https://support.apple.com/kb/HT213535", + "https://support.apple.com/kb/HT213536", + "https://ubuntu.com/security/notices/USN-5760-1", + "https://ubuntu.com/security/notices/USN-5760-2", + "https://www.cve.org/CVERecord?id=CVE-2022-40303" + ], + "PublishedDate": "2022-11-23T00:15:00Z", + "LastModifiedDate": "2023-01-11T17:29:00Z" + }, + { + "VulnerabilityID": "CVE-2022-40304", + "VendorIDs": [ + "DSA-5271-1" + ], + "PkgID": "libxml2@2.9.10+dfsg-6.7+deb11u2", + "PkgName": "libxml2", + "InstalledVersion": "2.9.10+dfsg-6.7+deb11u2", + "FixedVersion": "2.9.10+dfsg-6.7+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-40304", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "dict corruption caused by entity reference cycles", + "Description": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-611" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Dec/21", + "http://seclists.org/fulldisclosure/2022/Dec/24", + "http://seclists.org/fulldisclosure/2022/Dec/25", + "http://seclists.org/fulldisclosure/2022/Dec/26", + "https://access.redhat.com/errata/RHSA-2023:0338", + "https://access.redhat.com/security/cve/CVE-2022-40304", + "https://bugzilla.redhat.com/2136266", + "https://bugzilla.redhat.com/2136288", + "https://bugzilla.redhat.com/show_bug.cgi?id=2136266", + "https://bugzilla.redhat.com/show_bug.cgi?id=2136288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304", + "https://errata.almalinux.org/9/ALSA-2023-0338.html", + "https://errata.rockylinux.org/RLSA-2023:0173", + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b", + "https://gitlab.gnome.org/GNOME/libxml2/-/tags", + "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3", + "https://linux.oracle.com/cve/CVE-2022-40304.html", + "https://linux.oracle.com/errata/ELSA-2023-0338.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-40304", + "https://security.netapp.com/advisory/ntap-20221209-0003/", + "https://support.apple.com/kb/HT213531", + "https://support.apple.com/kb/HT213533", + "https://support.apple.com/kb/HT213534", + "https://support.apple.com/kb/HT213535", + "https://support.apple.com/kb/HT213536", + "https://ubuntu.com/security/notices/USN-5760-1", + "https://ubuntu.com/security/notices/USN-5760-2", + "https://www.cve.org/CVERecord?id=CVE-2022-40304" + ], + "PublishedDate": "2022-11-23T18:15:00Z", + "LastModifiedDate": "2023-02-23T22:20:00Z" + }, + { + "VulnerabilityID": "CVE-2023-28484", + "VendorIDs": [ + "DSA-5391-1" + ], + "PkgID": "libxml2@2.9.10+dfsg-6.7+deb11u2", + "PkgName": "libxml2", + "InstalledVersion": "2.9.10+dfsg-6.7+deb11u2", + "FixedVersion": "2.9.10+dfsg-6.7+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28484", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "NULL dereference in xmlSchemaFixupComplexType", + "Description": "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28484", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484", + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6", + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/491", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28484", + "https://security.netapp.com/advisory/ntap-20230601-0006/", + "https://ubuntu.com/security/notices/USN-6028-1", + "https://www.cve.org/CVERecord?id=CVE-2023-28484" + ], + "PublishedDate": "2023-04-24T21:15:00Z", + "LastModifiedDate": "2023-06-01T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-29469", + "VendorIDs": [ + "DSA-5391-1" + ], + "PkgID": "libxml2@2.9.10+dfsg-6.7+deb11u2", + "PkgName": "libxml2", + "InstalledVersion": "2.9.10+dfsg-6.7+deb11u2", + "FixedVersion": "2.9.10+dfsg-6.7+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29469", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Hashing of empty dict strings isn't deterministic", + "Description": "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-29469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469", + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/510", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29469", + "https://security.netapp.com/advisory/ntap-20230601-0006/", + "https://ubuntu.com/security/notices/USN-6028-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29469" + ], + "PublishedDate": "2023-04-24T21:15:00Z", + "LastModifiedDate": "2023-06-01T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-44617", + "PkgID": "libxpm4@1:3.5.12-1", + "PkgName": "libxpm4", + "InstalledVersion": "1:3.5.12-1", + "FixedVersion": "1:3.5.12-1.1~deb11u1", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44617", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libXpm: Runaway loop on width of 0 and enormous height", + "Description": "A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0383", + "https://access.redhat.com/security/cve/CVE-2022-44617", + "https://bugzilla.redhat.com/2160092", + "https://bugzilla.redhat.com/2160193", + "https://bugzilla.redhat.com/2160213", + "https://bugzilla.redhat.com/show_bug.cgi?id=2160092", + "https://bugzilla.redhat.com/show_bug.cgi?id=2160193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2160213", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44617", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4883", + "https://errata.almalinux.org/9/ALSA-2023-0383.html", + "https://errata.rockylinux.org/RLSA-2023:0379", + "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb28", + "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9", + "https://linux.oracle.com/cve/CVE-2022-44617.html", + "https://linux.oracle.com/errata/ELSA-2023-0383.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html", + "https://lists.x.org/archives/xorg-announce/2023-January/003312.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-44617", + "https://ubuntu.com/security/notices/USN-5807-1", + "https://ubuntu.com/security/notices/USN-5807-2", + "https://www.cve.org/CVERecord?id=CVE-2022-44617" + ], + "PublishedDate": "2023-02-06T23:15:00Z", + "LastModifiedDate": "2023-06-20T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-46285", + "PkgID": "libxpm4@1:3.5.12-1", + "PkgName": "libxpm4", + "InstalledVersion": "1:3.5.12-1", + "FixedVersion": "1:3.5.12-1.1~deb11u1", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-46285", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libXpm: Infinite loop on unclosed comments", + "Description": "A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0383", + "https://access.redhat.com/security/cve/CVE-2022-46285", + "https://bugzilla.redhat.com/2160092", + "https://bugzilla.redhat.com/2160193", + "https://bugzilla.redhat.com/2160213", + "https://bugzilla.redhat.com/show_bug.cgi?id=2160092", + "https://bugzilla.redhat.com/show_bug.cgi?id=2160193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2160213", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44617", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4883", + "https://errata.almalinux.org/9/ALSA-2023-0383.html", + "https://errata.rockylinux.org/RLSA-2023:0379", + "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148", + "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9", + "https://linux.oracle.com/cve/CVE-2022-46285.html", + "https://linux.oracle.com/errata/ELSA-2023-0383.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html", + "https://lists.x.org/archives/xorg-announce/2023-January/003312.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-46285", + "https://ubuntu.com/security/notices/USN-5807-1", + "https://ubuntu.com/security/notices/USN-5807-2", + "https://ubuntu.com/security/notices/USN-5807-3", + "https://www.cve.org/CVERecord?id=CVE-2022-46285" + ], + "PublishedDate": "2023-02-07T19:15:00Z", + "LastModifiedDate": "2023-06-20T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-4883", + "PkgID": "libxpm4@1:3.5.12-1", + "PkgName": "libxpm4", + "InstalledVersion": "1:3.5.12-1", + "FixedVersion": "1:3.5.12-1.1~deb11u1", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4883", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libXpm: compression commands depend on $PATH", + "Description": "A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-426" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0383", + "https://access.redhat.com/security/cve/CVE-2022-4883", + "https://bugzilla.redhat.com/2160092", + "https://bugzilla.redhat.com/2160193", + "https://bugzilla.redhat.com/2160213", + "https://bugzilla.redhat.com/show_bug.cgi?id=2160092", + "https://bugzilla.redhat.com/show_bug.cgi?id=2160193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2160213", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44617", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46285", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4883", + "https://errata.almalinux.org/9/ALSA-2023-0383.html", + "https://errata.rockylinux.org/RLSA-2023:0379", + "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669", + "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9", + "https://linux.oracle.com/cve/CVE-2022-4883.html", + "https://linux.oracle.com/errata/ELSA-2023-0383.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html", + "https://lists.x.org/archives/xorg-announce/2023-January/003312.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4883", + "https://ubuntu.com/security/notices/USN-5807-1", + "https://ubuntu.com/security/notices/USN-5807-2", + "https://www.cve.org/CVERecord?id=CVE-2022-4883" + ], + "PublishedDate": "2023-02-07T19:15:00Z", + "LastModifiedDate": "2023-06-20T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-30560", + "VendorIDs": [ + "DSA-5216-1" + ], + "PkgID": "libxslt1.1@1.1.34-4", + "PkgName": "libxslt1.1", + "InstalledVersion": "1.1.34-4", + "FixedVersion": "1.1.34-4+deb11u1", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-30560", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...", + "Description": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + } + }, + "References": [ + "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html", + "https://crbug.com/1219209", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560", + "https://github.com/advisories/GHSA-59gp-qqm7-cw4j", + "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-30560.yml", + "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2", + "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2", + "https://lists.debian.org/debian-devel/2022/07/msg00287.html", + "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-30560", + "https://ubuntu.com/security/notices/USN-5575-1", + "https://ubuntu.com/security/notices/USN-5575-2", + "https://www.debian.org/security/2022/dsa-5216" + ], + "PublishedDate": "2021-08-03T19:15:00Z", + "LastModifiedDate": "2022-10-27T20:10:00Z" + }, + { + "VulnerabilityID": "CVE-2022-29458", + "PkgID": "ncurses-base@6.2+20201114-2", + "PkgName": "ncurses-base", + "InstalledVersion": "6.2+20201114-2", + "FixedVersion": "6.2+20201114-2+deb11u1", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29458", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "segfaulting OOB read", + "Description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V2Score": 5.8, + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://access.redhat.com/security/cve/CVE-2022-29458", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458", + "https://invisible-island.net/ncurses/NEWS.html#t20220416", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", + "https://support.apple.com/kb/HT213488", + "https://ubuntu.com/security/notices/USN-5477-1", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2022-29458" + ], + "PublishedDate": "2022-04-18T21:15:00Z", + "LastModifiedDate": "2022-11-08T19:46:00Z" + }, + { + "VulnerabilityID": "CVE-2022-29458", + "PkgID": "ncurses-bin@6.2+20201114-2", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.2+20201114-2", + "FixedVersion": "6.2+20201114-2+deb11u1", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29458", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "segfaulting OOB read", + "Description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V2Score": 5.8, + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://access.redhat.com/security/cve/CVE-2022-29458", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458", + "https://invisible-island.net/ncurses/NEWS.html#t20220416", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", + "https://support.apple.com/kb/HT213488", + "https://ubuntu.com/security/notices/USN-5477-1", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2022-29458" + ], + "PublishedDate": "2022-04-18T21:15:00Z", + "LastModifiedDate": "2022-11-08T19:46:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2068", + "VendorIDs": [ + "DSA-5169-1" + ], + "PkgID": "openssl@1.1.1n-0+deb11u2", + "PkgName": "openssl", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u3", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2068", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "the c_rehash script allows command injection", + "Description": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-78" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6224", + "https://access.redhat.com/security/cve/CVE-2022-2068", + "https://bugzilla.redhat.com/2081494", + "https://bugzilla.redhat.com/2087911", + "https://bugzilla.redhat.com/2087913", + "https://bugzilla.redhat.com/2097310", + "https://bugzilla.redhat.com/2104905", + "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2097310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2100554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", + "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", + "https://errata.almalinux.org/9/ALSA-2022-6224.html", + "https://errata.rockylinux.org/RLSA-2022:5818", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7", + "https://linux.oracle.com/cve/CVE-2022-2068.html", + "https://linux.oracle.com/errata/ELSA-2022-9751.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2068", + "https://security.netapp.com/advisory/ntap-20220707-0008/", + "https://ubuntu.com/security/notices/USN-5488-1", + "https://ubuntu.com/security/notices/USN-5488-2", + "https://www.cve.org/CVERecord?id=CVE-2022-2068", + "https://www.debian.org/security/2022/dsa-5169", + "https://www.openssl.org/news/secadv/20220621.txt" + ], + "PublishedDate": "2022-06-21T15:15:00Z", + "LastModifiedDate": "2023-03-01T16:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-4450", + "VendorIDs": [ + "DSA-5343-1" + ], + "PkgID": "openssl@1.1.1n-0+deb11u2", + "PkgName": "openssl", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4450", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "double free after calling PEM_read_bio_ex", + "Description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4450", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:1405", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", + "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q", + "https://linux.oracle.com/cve/CVE-2022-4450.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", + "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4450", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:57:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0215", + "VendorIDs": [ + "DSA-5343-1" + ], + "PkgID": "openssl@1.1.1n-0+deb11u2", + "PkgName": "openssl", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0215", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "use-after-free following BIO_new_NDEF", + "Description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.\n\n\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2023-0215", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:1405", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", + "https://github.com/advisories/GHSA-r7jw-wp68-3xch", + "https://linux.oracle.com/cve/CVE-2023-0215.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", + "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", + "https://security.netapp.com/advisory/ntap-20230427-0007/", + "https://security.netapp.com/advisory/ntap-20230427-0009/", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://www.cve.org/CVERecord?id=CVE-2023-0215", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:55:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0286", + "VendorIDs": [ + "DSA-5343-1" + ], + "PkgID": "openssl@1.1.1n-0+deb11u2", + "PkgName": "openssl", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0286", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "X.400 address type confusion in X.509 GeneralName", + "Description": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-843" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2023-0286", + "https://access.redhat.com/security/cve/cve-2023-0286", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:1405", + "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", + "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", + "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5", + "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", + "https://linux.oracle.com/cve/CVE-2023-0286.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", + "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://www.cve.org/CVERecord?id=CVE-2023-0286", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:54:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0464", + "VendorIDs": [ + "DSA-5417-1" + ], + "PkgID": "openssl@1.1.1n-0+deb11u2", + "PkgName": "openssl", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u5", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0464", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Denial of service by excessive resource usage in verifying X509 policy constraints", + "Description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0464", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1", + "https://linux.oracle.com/cve/CVE-2023-0464.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0464", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230322.txt" + ], + "PublishedDate": "2023-03-22T17:15:00Z", + "LastModifiedDate": "2023-06-08T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-2650", + "VendorIDs": [ + "DSA-5417-1" + ], + "PkgID": "openssl@1.1.1n-0+deb11u2", + "PkgName": "openssl", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u5", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Possible DoS translating ASN.1 object identifiers", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/05/30/1", + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-2650", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", + "https://linux.oracle.com/cve/CVE-2023-2650.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", + "https://security.netapp.com/advisory/ntap-20230703-0001/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://ubuntu.com/security/notices/USN-6188-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2650", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230530.txt" + ], + "PublishedDate": "2023-05-30T14:15:00Z", + "LastModifiedDate": "2023-07-03T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2097", + "VendorIDs": [ + "DSA-5343-1" + ], + "PkgID": "openssl@1.1.1n-0+deb11u2", + "PkgName": "openssl", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2097", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "AES OCB fails to encrypt some bytes", + "Description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-326" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6224", + "https://access.redhat.com/security/cve/CVE-2022-2097", + "https://bugzilla.redhat.com/2081494", + "https://bugzilla.redhat.com/2087911", + "https://bugzilla.redhat.com/2087913", + "https://bugzilla.redhat.com/2097310", + "https://bugzilla.redhat.com/2104905", + "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2097310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2100554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", + "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", + "https://errata.almalinux.org/9/ALSA-2022-6224.html", + "https://errata.rockylinux.org/RLSA-2022:5818", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93", + "https://github.com/advisories/GHSA-3wx7-46ch-7rq2", + "https://linux.oracle.com/cve/CVE-2022-2097.html", + "https://linux.oracle.com/errata/ELSA-2022-9751.html", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2097", + "https://rustsec.org/advisories/RUSTSEC-2022-0032.html", + "https://security.gentoo.org/glsa/202210-02", + "https://security.netapp.com/advisory/ntap-20220715-0011/", + "https://security.netapp.com/advisory/ntap-20230420-0008/", + "https://ubuntu.com/security/notices/USN-5502-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2097", + "https://www.debian.org/security/2023/dsa-5343", + "https://www.openssl.org/news/secadv/20220705.txt" + ], + "PublishedDate": "2022-07-05T11:15:00Z", + "LastModifiedDate": "2023-04-20T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-4304", + "VendorIDs": [ + "DSA-5343-1" + ], + "PkgID": "openssl@1.1.1n-0+deb11u2", + "PkgName": "openssl", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u4", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4304", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "timing attack in RSA Decryption implementation", + "Description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", + "Severity": "MEDIUM", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4304", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:1405", + "https://github.com/advisories/GHSA-p52g-cm5j-mjv4", + "https://linux.oracle.com/cve/CVE-2022-4304.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", + "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4304", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:57:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0465", + "VendorIDs": [ + "DSA-5417-1" + ], + "PkgID": "openssl@1.1.1n-0+deb11u2", + "PkgName": "openssl", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u5", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0465", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Invalid certificate policies in leaf certificates are silently ignored", + "Description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0465", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c", + "https://linux.oracle.com/cve/CVE-2023-0465.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", + "https://security.netapp.com/advisory/ntap-20230414-0001/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0465", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230328.txt" + ], + "PublishedDate": "2023-03-28T15:15:00Z", + "LastModifiedDate": "2023-06-08T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0466", + "VendorIDs": [ + "DSA-5417-1" + ], + "PkgID": "openssl@1.1.1n-0+deb11u2", + "PkgName": "openssl", + "InstalledVersion": "1.1.1n-0+deb11u2", + "FixedVersion": "1.1.1n-0+deb11u5", + "Layer": { + "Digest": "sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b", + "DiffID": "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0466", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Certificate policy check not enabled", + "Description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0466", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061", + "https://linux.oracle.com/cve/CVE-2023-0466.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", + "https://security.netapp.com/advisory/ntap-20230414-0001/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0466", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230328.txt" + ], + "PublishedDate": "2023-03-28T15:15:00Z", + "LastModifiedDate": "2023-06-08T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-37434", + "VendorIDs": [ + "DSA-5218-1" + ], + "PkgID": "zlib1g@1:1.2.11.dfsg-2+deb11u1", + "PkgName": "zlib1g", + "InstalledVersion": "1:1.2.11.dfsg-2+deb11u1", + "FixedVersion": "1:1.2.11.dfsg-2+deb11u2", + "Layer": { + "Digest": "sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda", + "DiffID": "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-37434", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field", + "Description": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/37", + "http://seclists.org/fulldisclosure/2022/Oct/38", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "http://seclists.org/fulldisclosure/2022/Oct/42", + "http://www.openwall.com/lists/oss-security/2022/08/05/2", + "http://www.openwall.com/lists/oss-security/2022/08/09/1", + "https://access.redhat.com/errata/RHSA-2022:8291", + "https://access.redhat.com/security/cve/CVE-2022-37434", + "https://bugzilla.redhat.com/2116639", + "https://bugzilla.redhat.com/show_bug.cgi?id=2043753", + "https://bugzilla.redhat.com/show_bug.cgi?id=2116639", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434", + "https://errata.almalinux.org/9/ALSA-2022-8291.html", + "https://errata.rockylinux.org/RLSA-2022:7793", + "https://github.com/curl/curl/issues/9271", + "https://github.com/ivd38/zlib_overflow", + "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063", + "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1", + "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764", + "https://linux.oracle.com/cve/CVE-2022-37434.html", + "https://linux.oracle.com/errata/ELSA-2023-1095.html", + "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-37434", + "https://security.netapp.com/advisory/ntap-20220901-0005/", + "https://security.netapp.com/advisory/ntap-20230427-0007/", + "https://support.apple.com/kb/HT213488", + "https://support.apple.com/kb/HT213489", + "https://support.apple.com/kb/HT213490", + "https://support.apple.com/kb/HT213491", + "https://support.apple.com/kb/HT213493", + "https://support.apple.com/kb/HT213494", + "https://ubuntu.com/security/notices/USN-5570-1", + "https://ubuntu.com/security/notices/USN-5570-2", + "https://ubuntu.com/security/notices/USN-5573-1", + "https://www.cve.org/CVERecord?id=CVE-2022-37434", + "https://www.debian.org/security/2022/dsa-5218" + ], + "PublishedDate": "2022-08-05T07:15:00Z", + "LastModifiedDate": "2023-07-19T00:56:00Z" + } + ] + } + ] +} diff --git a/test/helpers.bash b/test/helpers.bash new file mode 100644 index 0000000..b12f3f6 --- /dev/null +++ b/test/helpers.bash @@ -0,0 +1,25 @@ +#!/bin/bash + +assert_equal() { + if [[ "$1" != "$2" ]]; then + echo "actual: $1" + echo "expected: $2" + return 1 + fi +} + +assert_not_equal() { + if [[ "$1" != "$2" ]]; then + echo "actual: $1" + return 0 + fi +} + +assert_success() { + if [[ "$status" != 0 ]]; then + echo "expected: 0" + echo "actual: $status" + echo "output: $output" + return 1 + fi +} diff --git a/test/test.bats b/test/test.bats new file mode 100755 index 0000000..67abef6 --- /dev/null +++ b/test/test.bats @@ -0,0 +1,19 @@ +#!/usr/bin/env bats + +load helpers + +teardown_file(){ + docker stop buildkitd +} + +@test "Check patched image exists" { + docker images + id=$(docker images --quiet 'nginx:1.21.6-patched') + assert_not_equal "$id" "" +} + +@test "Run trivy on patched image" { + trivy image --vuln-type os --ignore-unfixed -f json -o nginx.1.21.6-patched.json 'docker.io/library/nginx:1.21.6-patched' + vulns=$(jq '.Results[0].Vulnerabilities | length' nginx.1.21.6-patched.json) + assert_equal "$vulns" "0" +}