CWE-190
Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
CVE-2023-53156 (GCVE-0-2023-53156)
Vulnerability from cvelistv5 – Published: 2025-07-27 00:00 – Updated: 2025-07-28 15:15
VLAI
Summary
The transpose crate before 0.2.3 for Rust allows an integer overflow via input_width and input_height arguments.
Severity
4.5 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T15:15:22.586130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T15:15:28.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "transpose",
"vendor": "ejmahler",
"versions": [
{
"lessThan": "0.2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The transpose crate before 0.2.3 for Rust allows an integer overflow via input_width and input_height arguments."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-27T20:32:07.891Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://rustsec.org/advisories/RUSTSEC-2023-0080.html"
},
{
"url": "https://github.com/ejmahler/transpose/issues/11"
},
{
"url": "https://github.com/advisories/GHSA-5gmm-6m36-r7jh"
},
{
"url": "https://crates.io/crates/transpose"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-53156",
"datePublished": "2025-07-27T00:00:00.000Z",
"dateReserved": "2025-07-27T00:00:00.000Z",
"dateUpdated": "2025-07-28T15:15:28.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5869 (GCVE-0-2023-5869)
Vulnerability from cvelistv5 – Published: 2023-12-10 17:56 – Updated: 2026-03-11 23:06
VLAI
Title
Postgresql: buffer overrun from integer overflow in array modification
Summary
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
Severity
8.8 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
33 references
Impacted products
54 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Advanced Cluster Security 4.2 |
Unaffected:
4.2.4-6 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.2::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.2 |
Unaffected:
4.2.4-6 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.2::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.2 |
Unaffected:
4.2.4-7 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.2::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.2 |
Unaffected:
4.2.4-6 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.2::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.2 |
Unaffected:
4.2.4-7 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.2::el8 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
Unaffected:
0:9.2.24-9.el7_9 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::client cpe:/o:redhat:enterprise_linux:7::computenode cpe:/o:redhat:enterprise_linux:7::workstation |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
8090020231114113712.a75119d5 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
8090020231128173330.a75119d5 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
8090020231201202407.a75119d5 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
8090020231114113548.a75119d5 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions |
Unaffected:
8010020231130170510.c27ad7f8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.1::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
8020020231128165246.4cda2c84 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_tus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
8020020231201202149.4cda2c84 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_tus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service |
Unaffected:
8020020231128165246.4cda2c84 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_tus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service |
Unaffected:
8020020231201202149.4cda2c84 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_tus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions |
Unaffected:
8020020231128165246.4cda2c84 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_tus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions |
Unaffected:
8020020231201202149.4cda2c84 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_tus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
8040020231127153301.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
8040020231127154806.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
8040020231127142440.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
8040020231127153301.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
8040020231127154806.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
8040020231127142440.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
8040020231127153301.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
8040020231127154806.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
8040020231127142440.522a0ee4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support |
Unaffected:
8060020231114115246.ad008a3a , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support |
Unaffected:
8060020231128165328.ad008a3a , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support |
Unaffected:
8060020231201202249.ad008a3a , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
8080020231114105206.63b34585 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
8080020231128165335.63b34585 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
8080020231201202316.63b34585 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
8080020231113134015.63b34585 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:13.13-1.el9_3 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
9030020231120082734.rhel9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support |
Unaffected:
0:13.13-1.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.0::appstream cpe:/a:redhat:rhel_eus:9.0::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:13.13-1.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::crb cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
9020020231115020618.rhel9 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Software Collections for Red Hat Enterprise Linux 7 |
Unaffected:
0:12.17-1.el7 , < *
(rpm)
cpe:/a:redhat:rhel_software_collections:3::el7 |
|
| Red Hat | Red Hat Software Collections for Red Hat Enterprise Linux 7 |
Unaffected:
0:10.23-2.el7 , < *
(rpm)
cpe:/a:redhat:rhel_software_collections:3::el7 |
|
| Red Hat | Red Hat Software Collections for Red Hat Enterprise Linux 7 |
Unaffected:
0:13.13-1.el7 , < *
(rpm)
cpe:/a:redhat:rhel_software_collections:3::el7 |
|
| Red Hat | RHACS-3.74-RHEL-8 |
Unaffected:
3.74.8-9 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:3.74::el8 |
|
| Red Hat | RHACS-3.74-RHEL-8 |
Unaffected:
3.74.8-9 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:3.74::el8 |
|
| Red Hat | RHACS-3.74-RHEL-8 |
Unaffected:
3.74.8-7 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:3.74::el8 |
|
| Red Hat | RHACS-3.74-RHEL-8 |
Unaffected:
3.74.8-9 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:3.74::el8 |
|
| Red Hat | RHACS-3.74-RHEL-8 |
Unaffected:
3.74.8-9 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:3.74::el8 |
|
| Red Hat | RHACS-4.1-RHEL-8 |
Unaffected:
4.1.6-6 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.1::el8 |
|
| Red Hat | RHACS-4.1-RHEL-8 |
Unaffected:
4.1.6-6 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.1::el8 |
|
| Red Hat | RHACS-4.1-RHEL-8 |
Unaffected:
4.1.6-6 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.1::el8 |
|
| Red Hat | RHACS-4.1-RHEL-8 |
Unaffected:
4.1.6-6 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.1::el8 |
|
| Red Hat | RHACS-4.1-RHEL-8 |
Unaffected:
4.1.6-6 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.1::el8 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2023-11-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:25:51.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:7545",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7545"
},
{
"name": "RHSA-2023:7579",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7579"
},
{
"name": "RHSA-2023:7580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7580"
},
{
"name": "RHSA-2023:7581",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7581"
},
{
"name": "RHSA-2023:7616",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7616"
},
{
"name": "RHSA-2023:7656",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7656"
},
{
"name": "RHSA-2023:7666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7666"
},
{
"name": "RHSA-2023:7667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7667"
},
{
"name": "RHSA-2023:7694",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7694"
},
{
"name": "RHSA-2023:7695",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7695"
},
{
"name": "RHSA-2023:7714",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7714"
},
{
"name": "RHSA-2023:7770",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7770"
},
{
"name": "RHSA-2023:7771",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7771"
},
{
"name": "RHSA-2023:7772",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7772"
},
{
"name": "RHSA-2023:7778",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7778"
},
{
"name": "RHSA-2023:7783",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7783"
},
{
"name": "RHSA-2023:7784",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7784"
},
{
"name": "RHSA-2023:7785",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7785"
},
{
"name": "RHSA-2023:7786",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7786"
},
{
"name": "RHSA-2023:7788",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7788"
},
{
"name": "RHSA-2023:7789",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7789"
},
{
"name": "RHSA-2023:7790",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7790"
},
{
"name": "RHSA-2023:7878",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7878"
},
{
"name": "RHSA-2023:7883",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7883"
},
{
"name": "RHSA-2023:7884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7884"
},
{
"name": "RHSA-2023:7885",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7885"
},
{
"name": "RHSA-2024:0304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0304"
},
{
"name": "RHSA-2024:0332",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0332"
},
{
"name": "RHSA-2024:0337",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0337"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5869"
},
{
"name": "RHBZ#2247169",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247169"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240119-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.postgresql.org/support/security/CVE-2023-5869/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-operator-bundle",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.4-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::server",
"cpe:/o:redhat:enterprise_linux:7::client",
"cpe:/o:redhat:enterprise_linux:7::computenode",
"cpe:/o:redhat:enterprise_linux:7::workstation"
],
"defaultStatus": "affected",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:9.2.24-9.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231114113712.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231128173330.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:10",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231201202407.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:15",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231114113548.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.1::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:10",
"product": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8010020231130170510.c27ad7f8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231128165246.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:10",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231201202149.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231128165246.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:10",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231201202149.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231128165246.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:10",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231201202149.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127153301.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127154806.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:10",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127142440.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127153301.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127154806.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:10",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127142440.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127153301.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127154806.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:10",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231127142440.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231114115246.ad008a3a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231128165328.ad008a3a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:10",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231201202249.ad008a3a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:13",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231114105206.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:12",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231128165335.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:10",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231201202316.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:15",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231113134015.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:15",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9030020231120082734.rhel9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::appstream",
"cpe:/a:redhat:rhel_eus:9.0::crb"
],
"defaultStatus": "affected",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "postgresql:15",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9020020231115020618.rhel9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_software_collections:3::el7"
],
"defaultStatus": "affected",
"packageName": "rh-postgresql12-postgresql",
"product": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:12.17-1.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_software_collections:3::el7"
],
"defaultStatus": "affected",
"packageName": "rh-postgresql10-postgresql",
"product": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:10.23-2.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_software_collections:3::el7"
],
"defaultStatus": "affected",
"packageName": "rh-postgresql13-postgresql",
"product": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.13-1.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-operator-bundle",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3.74::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"product": "RHACS-3.74-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.74.8-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-operator-bundle",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.1::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"product": "RHACS-4.1-RHEL-8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.1.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "postgresql",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "postgresql:16/postgresql",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "postgresql:16/postgresql",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Pedro Gallegos as the original reporter."
}
],
"datePublic": "2023-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server\u0027s memory."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T23:06:27.425Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:7545",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7545"
},
{
"name": "RHSA-2023:7579",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7579"
},
{
"name": "RHSA-2023:7580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7580"
},
{
"name": "RHSA-2023:7581",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7581"
},
{
"name": "RHSA-2023:7616",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7616"
},
{
"name": "RHSA-2023:7656",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7656"
},
{
"name": "RHSA-2023:7666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7666"
},
{
"name": "RHSA-2023:7667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7667"
},
{
"name": "RHSA-2023:7694",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7694"
},
{
"name": "RHSA-2023:7695",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7695"
},
{
"name": "RHSA-2023:7714",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7714"
},
{
"name": "RHSA-2023:7770",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7770"
},
{
"name": "RHSA-2023:7771",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7771"
},
{
"name": "RHSA-2023:7772",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7772"
},
{
"name": "RHSA-2023:7778",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7778"
},
{
"name": "RHSA-2023:7783",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7783"
},
{
"name": "RHSA-2023:7784",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7784"
},
{
"name": "RHSA-2023:7785",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7785"
},
{
"name": "RHSA-2023:7786",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7786"
},
{
"name": "RHSA-2023:7788",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7788"
},
{
"name": "RHSA-2023:7789",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7789"
},
{
"name": "RHSA-2023:7790",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7790"
},
{
"name": "RHSA-2023:7878",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7878"
},
{
"name": "RHSA-2023:7883",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7883"
},
{
"name": "RHSA-2023:7884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7884"
},
{
"name": "RHSA-2023:7885",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7885"
},
{
"name": "RHSA-2024:0304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0304"
},
{
"name": "RHSA-2024:0332",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0332"
},
{
"name": "RHSA-2024:0337",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0337"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5869"
},
{
"name": "RHBZ#2247169",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247169"
},
{
"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"
},
{
"url": "https://www.postgresql.org/support/security/CVE-2023-5869/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-31T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-11-09T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Postgresql: buffer overrun from integer overflow in array modification",
"workarounds": [
{
"lang": "en",
"value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5869",
"datePublished": "2023-12-10T17:56:57.131Z",
"dateReserved": "2023-10-31T03:56:42.638Z",
"dateUpdated": "2026-03-11T23:06:27.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-6478 (GCVE-0-2023-6478)
Vulnerability from cvelistv5 – Published: 2023-12-13 06:27 – Updated: 2025-11-20 07:07
VLAI
Title
Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty
Summary
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
Severity
7.6 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
19 references
Impacted products
20 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10.13 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
Unaffected:
0:1.8.0-28.el7_9 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:7::client cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::workstation cpe:/o:redhat:enterprise_linux:7::computenode |
|
| Red Hat | Red Hat Enterprise Linux 7 |
Unaffected:
0:1.20.4-25.el7_9 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:7::client cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::workstation cpe:/o:redhat:enterprise_linux:7::computenode |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.13.1-2.el8_9.4 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.20.11-22.el8 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:21.1.3-15.el8 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.6 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_tus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service |
Unaffected:
0:1.9.0-15.el8_2.6 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_tus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions |
Unaffected:
0:1.9.0-15.el8_2.6 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_tus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.5 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
0:1.11.0-8.el8_4.5 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-8.el8_4.5 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support |
Unaffected:
0:1.12.0-6.el8_6.6 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
0:1.12.0-15.el8_8.4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.13.1-3.el9_3.3 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-24.el9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:22.1.9-5.el9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support |
Unaffected:
0:1.11.0-22.el9_0.5 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:1.12.0-14.el9_2.2 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
Date Public
2023-12-13 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1"
},
{
"name": "RHSA-2023:7886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7886"
},
{
"name": "RHSA-2024:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0006"
},
{
"name": "RHSA-2024:0009",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0009"
},
{
"name": "RHSA-2024:0010",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0010"
},
{
"name": "RHSA-2024:0014",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0014"
},
{
"name": "RHSA-2024:0015",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0015"
},
{
"name": "RHSA-2024:0016",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0016"
},
{
"name": "RHSA-2024:0017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0017"
},
{
"name": "RHSA-2024:0018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0018"
},
{
"name": "RHSA-2024:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0020"
},
{
"name": "RHSA-2024:2169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2169"
},
{
"name": "RHSA-2024:2170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2170"
},
{
"name": "RHSA-2024:2995",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2995"
},
{
"name": "RHSA-2024:2996",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2996"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6478"
},
{
"name": "RHBZ#2253298",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253298"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-30"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240125-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5576"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::client",
"cpe:/o:redhat:enterprise_linux:7::server",
"cpe:/o:redhat:enterprise_linux:7::workstation",
"cpe:/o:redhat:enterprise_linux:7::computenode"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-28.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::client",
"cpe:/o:redhat:enterprise_linux:7::server",
"cpe:/o:redhat:enterprise_linux:7::workstation",
"cpe:/o:redhat:enterprise_linux:7::computenode"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-25.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-2.el8_9.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-22.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-15.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-3.el9_3.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-24.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:22.1.9-5.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Peter Hutterer (Red Hat)."
}
],
"datePublic": "2023-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T07:07:30.871Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:7886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7886"
},
{
"name": "RHSA-2024:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0006"
},
{
"name": "RHSA-2024:0009",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0009"
},
{
"name": "RHSA-2024:0010",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0010"
},
{
"name": "RHSA-2024:0014",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0014"
},
{
"name": "RHSA-2024:0015",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0015"
},
{
"name": "RHSA-2024:0016",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0016"
},
{
"name": "RHSA-2024:0017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0017"
},
{
"name": "RHSA-2024:0018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0018"
},
{
"name": "RHSA-2024:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0020"
},
{
"name": "RHSA-2024:2169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2169"
},
{
"name": "RHSA-2024:2170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2170"
},
{
"name": "RHSA-2024:2995",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2995"
},
{
"name": "RHSA-2024:2996",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2996"
},
{
"name": "RHSA-2025:12751",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:12751"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6478"
},
{
"name": "RHBZ#2253298",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253298"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-30T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-13T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6478",
"datePublished": "2023-12-13T06:27:41.017Z",
"dateReserved": "2023-12-04T06:40:47.239Z",
"dateUpdated": "2025-11-20T07:07:30.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0803 (GCVE-0-2024-0803)
Vulnerability from cvelistv5 – Published: 2024-03-14 23:59 – Updated: 2024-08-27 19:56
VLAI
Summary
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
Severity
9.8 (Critical)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisory |
| https://jvn.jp/vu/JVNVU99690199/ | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
26 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q03UDECPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q04UDEHCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q06UDEHCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q10UDEHCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q13UDEHCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q20UDEHCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q26UDEHCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q50UDEHCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q100UDEHCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q03UDVCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q04UDVCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q06UDVCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q13UDVCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q26UDVCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q04UDPVCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q06UDPVCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q13UDPVCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q26UDPVCPU |
Affected:
The first 5 digits of serial No. "26061" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-L Series L02CPU |
Affected:
The first 5 digits of serial No. "26041" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-L Series L06CPU |
Affected:
The first 5 digits of serial No. "26041" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-L Series L26CPU |
Affected:
The first 5 digits of serial No. "26041" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-L Series L02CPU-P |
Affected:
The first 5 digits of serial No. "26041" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-L Series L06CPU-P |
Affected:
The first 5 digits of serial No. "26041" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-L Series L26CPU-P |
Affected:
The first 5 digits of serial No. "26041" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-L Series L26CPU-BT |
Affected:
The first 5 digits of serial No. "26041" and prior
|
|
| Mitsubishi Electric Corporation | MELSEC-L Series L26CPU-PBT |
Affected:
The first 5 digits of serial No. "26041" and prior
|
Date Public
2024-03-14 03:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99690199/"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q03udecpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q04udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q06udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q10udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q13udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q20udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q26udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q50udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q100udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q03udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q04udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q06udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q13udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q26udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q06udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q13udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q26udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "l02cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l06cpu\\(-p\\)",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu\\(-p\\)",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l02cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l06cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "l26cpu-bt",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu-pbt",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T16:35:33.077868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T19:56:00.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDECPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q10UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q20UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q50UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q100UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-BT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-PBT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
}
],
"datePublic": "2024-03-14T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
}
],
"value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T00:03:42.189Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU99690199/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-0803",
"datePublished": "2024-03-14T23:59:20.916Z",
"dateReserved": "2024-01-23T00:04:40.735Z",
"dateUpdated": "2024-08-27T19:56:00.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10917 (GCVE-0-2024-10917)
Vulnerability from cvelistv5 – Published: 2024-11-11 16:55 – Updated: 2024-11-12 20:14
VLAI
Title
Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength
Summary
In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.
Severity
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Open J9 |
Affected:
0.8.0 , ≤ 0.47.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T15:44:26.956117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:14:21.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Open J9",
"repo": "https://github.com/eclipse-openj9/openj9",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "0.47.0",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters."
}
],
"value": "In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T16:55:11.393Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/47"
},
{
"url": "https://github.com/eclipse-openj9/openj9/pull/20362"
},
{
"url": "https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-10917",
"datePublished": "2024-11-11T16:55:11.393Z",
"dateReserved": "2024-11-06T09:21:23.318Z",
"dateUpdated": "2024-11-12T20:14:21.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11347 (GCVE-0-2024-11347)
Vulnerability from cvelistv5 – Published: 2025-02-13 18:55 – Updated: 2025-02-13 19:09
VLAI
Title
Access of Resource Using Incompatible Type in Postscript interpreter
Summary
Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Forced Integer Overflow.The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
Severity
7.3 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lexmark International | CX, XC, CS, et. al. |
Affected:
0 , ≤ CXTLS.240.076
(custom)
Affected: CXTLS.240.200 , < * (custom) Affected: 0 , ≤ MXTLS.240.076 (custom) Affected: MXTLS.240.200 , < * (custom) Affected: 0 , ≤ CSTLS.240.076 (custom) Affected: CSTLS.240.200 , < * (custom) Affected: 0 , ≤ MSNSN.240.042 (custom) Affected: MSNSN.240.200 , < * (custom) Affected: 0 , ≤ MSTSN.240.042 (custom) Affected: MSTSN.240.200 , < * (custom) Affected: 0 , ≤ MXTSN.240.042 (custom) Affected: MXTSN.240.200 , < * (custom) Affected: 0 , ≤ CSNGV.240.042 (custom) Affected: CSNGV.240.200 , < * (custom) Affected: 0 , ≤ CSTGV.240.042 (custom) Affected: CSTGV.240.200 , < * (custom) Affected: 0 , ≤ CXTGV.240.042 (custom) Affected: CXTGV.240.200 , < * (custom) Affected: 0 , ≤ CXTPC.240.042 (custom) Affected: CXTPC.240.200 , < * (custom) Affected: 0 , ≤ CSTPC.240.042 (custom) Affected: CSTPC.240.200 , < * (custom) Affected: 0 , ≤ MXTCT.240.042 (custom) Affected: MXTCT.240.200 , < * (custom) Affected: 0 , ≤ MXTPM.240.042 (custom) Affected: MXTPM.240.200 , < * (custom) Affected: 0 , ≤ CXTMM.240.042 (custom) Affected: CXTMM.240.200 , < * (custom) Affected: 0 , ≤ CSTMM.240.042 (custom) Affected: CSTMM.240.200 , < * (custom) Affected: 0 , ≤ CSTZJ.240.042 (custom) Affected: CSTZJ.240.200 , < * (custom) Affected: 0 , ≤ CSNZJ.240.042 (custom) Affected: CSNZJ.240.200 , < * (custom) Affected: 0 , ≤ CXTZJ.240.042 (custom) Affected: CXTZJ.240.200 , < * (custom) Affected: 0 , ≤ CXNZJ.240.042 (custom) Affected: CXNZJ.240.200 , < * (custom) Affected: 0 , ≤ MSNGM.240.042 (custom) Affected: MSNGM.240.200 , < * (custom) Affected: 0 , ≤ MSTGM.240.042 (custom) Affected: MSTGM.240.200 , < * (custom) Affected: 0 , ≤ MXNGM.240.042 (custom) Affected: MXNGM.240.200 , < * (custom) Affected: 0 , ≤ MXTGM.240.042 (custom) Affected: MXTGM.240.200 , < * (custom) Affected: 0 , ≤ MSNGW.240.042 (custom) Affected: MSNGW.240.200 , < * (custom) Affected: 0 , ≤ MSTGW.240.042 (custom) Affected: MSTGW.240.200 , < * (custom) Affected: 0 , ≤ MXTGW.240.042 (custom) Affected: MXTGW.240.200 , < * (custom) Affected: 0 , ≤ MSLSG.230.401 (custom) Affected: 0 , ≤ MXLSG.230.401 (custom) Affected: 0 , ≤ MSLBD.230.401 (custom) Affected: 0 , ≤ MXLBD.230.401 (custom) Affected: 0 , ≤ CSLBN.230.401 (custom) Affected: 0 , ≤ CSLBL.230.401 (custom) Affected: 0 , ≤ CXLBN.230.401 (custom) Affected: 0 , ≤ CXLBL.230.401 (custom) Affected: 0 , ≤ CXTPP.230.401 (custom) Affected: 0 , ≤ CSTPP.230.401 (custom) Affected: 0 , ≤ CSTAT.230.401 (custom) Affected: 0 , ≤ CXTAT.230.401 (custom) Affected: 0 , ≤ CSTMH.230.401 (custom) Affected: 0 , ≤ CXTMH.230.401 (custom) Affected: 0 , ≤ LW90.TL2.P215 (custom) Affected: 0 , ≤ LW90.PR2.P215 (custom) Affected: 0 , ≤ LW90.PR4.P215 (custom) Affected: 0 , ≤ LW90.SB4.P215 (custom) Affected: 0 , ≤ LW90.SB7.P215 (custom) Affected: 0 , ≤ LW90.DN2.P215 (custom) Affected: 0 , ≤ LW90.DN4.P215 (custom) Affected: 0 , ≤ LW90.DN7.P215 (custom) Affected: 0 , ≤ LW90.TU.P215 (custom) Affected: 0 , ≤ LW90.SA.P215 (custom) Affected: 0 , ≤ LW90.MG.P215 (custom) Affected: 0 , ≤ LW90.GM7.P215 (custom) Affected: 0 , ≤ LW90.GM4.P215 (custom) Affected: 0 , ≤ LW90.VY4.P215 (custom) Affected: 0 , ≤ LW80.PRL.P257 (custom) Affected: 0 , ≤ LW80.SB2.P257 (custom) Affected: 0 , ≤ LW80.VYL.P257 (custom) Affected: 0 , ≤ LW80.VY2.P257 (custom) Affected: 0 , ≤ LW80.GM2.P257 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T19:08:51.804229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T19:09:37.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Postscript interpreter"
],
"product": "CX, XC, CS, et. al.",
"vendor": "Lexmark International",
"versions": [
{
"changes": [
{
"at": "CXTLS.240.077 - CXTLS.240.199",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTLS.240.076",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTLS.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTLS.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTLS.240.077 - MXTLS.240.199",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTLS.240.076",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTLS.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTLS.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTLS.240.077 - CSTLS.240.199",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTLS.240.076",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTLS.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTLS.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNSN.240.043 - MSNSN.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSNSN.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNSN.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSNSN.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTSN.240.043 - MSTSN.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSTSN.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTSN.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSTSN.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTSN.240.043 - MXTSN.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTSN.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTSN.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTSN.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNGV.240.043 - CSNGV.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSNGV.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNGV.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSNGV.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTGV.240.043 - CSTGV.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTGV.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTGV.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTGV.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTGV.240.043 - CXTGV.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTGV.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTGV.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTGV.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTPC.240.043 - CXTPC.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTPC.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTPC.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTPC.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTPC.240.043 - CSTPC.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTPC.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTPC.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTPC.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTCT.240.043 - MXTCT.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTCT.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTCT.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTCT.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTPM.240.043-MXTPM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTPM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTPM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTPM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTMM.240.043-CXTMM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTMM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTMM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTMM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTMM.240.043 - CSTMM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTMM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTMM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTMM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTZJ.240.043 - CSTZJ.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTZJ.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTZJ.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTZJ.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNZJ.240.043 - CSNZJ.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSNZJ.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNZJ.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSNZJ.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTZJ.240.043 - CXTZJ.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTZJ.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTZJ.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTZJ.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXNZJ.240.043 - CXNZJ.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXNZJ.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXNZJ.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXNZJ.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNGM.240.043 - MSNGM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSNGM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNGM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSNGM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTGM.240.043 - MSTGM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSTGM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTGM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSTGM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXNGM.240.043 - MXNGM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXNGM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXNGM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXNGM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTGM.240.043 - MXTGM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTGM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTGM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTGM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNGW.240.043 - MSNGW.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSNGW.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNGW.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSNGW.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTGW.240.043 - MSTGW.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSTGW.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTGW.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSTGW.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTGW.240.043 - MXTGW.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTGW.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTGW.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTGW.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSLSG.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSLSG.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXLSG.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXLSG.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSLBD.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSLBD.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXLBD.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXLBD.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSLBN.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSLBN.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSLBL.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSLBL.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXLBN.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXLBN.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXLBL.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXLBL.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTPP.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTPP.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTPP.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTPP.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTAT.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTAT.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTAT.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTAT.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTMH.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTMH.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTMH.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTMH.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.TL2.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.TL2.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.PR2.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.PR2.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.PR4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.PR4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.SB4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.SB4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.SB7.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.SB7.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.DN2.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.DN2.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.DN4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.DN4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.DN7.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.DN7.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.TU.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.TU.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.SA.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.SA.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.MG.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.MG.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.GM7.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.GM7.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.GM4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.GM4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.VY4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.VY4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.PRL.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.PRL.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.SB2.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.SB2.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.VYL.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.VYL.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.VY2.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.VY2.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.GM2.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.GM2.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Forced Integer Overflow.\u003cp\u003eThe vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.\u003c/p\u003e"
}
],
"value": "Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Forced Integer Overflow.The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user."
}
],
"impacts": [
{
"capecId": "CAPEC-92",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-92 Forced Integer Overflow"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T18:55:22.943Z",
"orgId": "7bc73191-a2b6-4c63-9918-753964601853",
"shortName": "Lexmark"
},
"references": [
{
"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Access of Resource Using Incompatible Type in Postscript interpreter",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lexmark recommends a firmware update if your device has affected firmware."
}
],
"value": "Lexmark recommends a firmware update if your device has affected firmware."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853",
"assignerShortName": "Lexmark",
"cveId": "CVE-2024-11347",
"datePublished": "2025-02-13T18:55:22.943Z",
"dateReserved": "2024-11-18T16:10:43.479Z",
"dateUpdated": "2025-02-13T19:09:37.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1305 (GCVE-0-2024-1305)
Vulnerability from cvelistv5 – Published: 2024-07-08 17:27 – Updated: 2024-08-23 03:55
VLAI
Summary
tap-windows6 driver version 9.26 and earlier does not properly
check the size data of incomming write operations which an attacker can
use to overflow memory buffers, resulting in a bug check and potentially
arbitrary code execution in kernel space
Severity
9.8 (Critical)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenVPN | tap-windows6 |
Affected:
9.26 or earlier
|
|
| OpenVPN | OpenVPN-GUI |
Affected:
2.6.9 and earlier
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openvpn:openvpn_gui:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openvpn_gui",
"vendor": "openvpn",
"versions": [
{
"lessThanOrEqual": "2.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:openvpn:tap_windows6:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tap_windows6",
"vendor": "openvpn",
"versions": [
{
"lessThanOrEqual": "9.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-1305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T03:55:36.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-1305"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "tap-windows6",
"vendor": "OpenVPN",
"versions": [
{
"status": "affected",
"version": "9.26 or earlier"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"tap-windows6"
],
"platforms": [
"Windows"
],
"product": "OpenVPN-GUI",
"vendor": "OpenVPN",
"versions": [
{
"status": "affected",
"version": "2.6.9 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "tap-windows6 driver version 9.26 and earlier does not properly \ncheck the size data of incomming write operations which an attacker can \nuse to overflow memory buffers, resulting in a bug check and potentially\n arbitrary code execution in kernel space"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T17:27:44.097Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-1305"
},
{
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2024-1305",
"datePublished": "2024-07-08T17:27:44.097Z",
"dateReserved": "2024-02-07T13:22:25.493Z",
"dateUpdated": "2024-08-23T03:55:36.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13614 (GCVE-0-2024-13614)
Vulnerability from cvelistv5 – Published: 2025-02-06 16:13 – Updated: 2025-02-12 19:51
VLAI
Summary
Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products.
Severity
5.3 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.kaspersky.com/vulnerability/list-… | vendor-advisory |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus SDK for Windows |
Affected:
8.10.1.1943 , ≤ 8.10.1.1943
(custom)
Affected: 8.10.1.1943 CF , ≤ 8.10.1.1943 CF (custom) |
|
| Kaspersky | Kaspersky Security for Virtualization Light Agent |
Affected:
5.2 , < 5.2.27.319
(custom)
Unknown: 5.2.27.319 , ≤ 5.2.27.319 (custom) |
|
| Kaspersky | Kaspersky Endpoint Security for Windows | ||
| Kaspersky | Kaspersky Small Office Security | ||
| Kaspersky | Kaspersky for Windows (Standard, Plus, Premium) | ||
| Kaspersky | Kaspersky Free | ||
| Kaspersky | Kaspersky Anti-Virus | ||
| Kaspersky | Kaspersky Internet Security | ||
| Kaspersky | Kaspersky Security Cloud | ||
| Kaspersky | Kaspersky Safe Kids | ||
| Kaspersky | Kaspersky Anti-Ransomware Tool |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:34:12.660585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:51:09.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kaspersky Anti-Virus SDK for Windows",
"vendor": "Kaspersky",
"versions": [
{
"lessThanOrEqual": "8.10.1.1943",
"status": "affected",
"version": "8.10.1.1943",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.10.1.1943 CF",
"status": "affected",
"version": "8.10.1.1943 CF",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Kaspersky Security for Virtualization Light Agent",
"vendor": "Kaspersky",
"versions": [
{
"lessThan": "5.2.27.319",
"status": "affected",
"version": "5.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.2.27.319",
"status": "unknown",
"version": "5.2.27.319",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Endpoint Security for Windows",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Small Office Security",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky for Windows (Standard, Plus, Premium)",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Free",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Anti-Virus",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Internet Security",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Security Cloud",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Safe Kids",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Anti-Ransomware Tool",
"vendor": "Kaspersky"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Florian Schweins"
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products."
}
],
"exploits": [
{
"lang": "en",
"value": "There have been no recorded attempts to exploit this issue in the wild."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:16:54.229Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "Advisory issued on February 6, 2025",
"tags": [
"vendor-advisory"
],
"url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225"
}
],
"solutions": [
{
"lang": "en",
"value": "To fix the vulnerability, upgrade the KAV SDK for Windows to the following version: Kaspersky Anti-Virus Software Development Kit 8 Level 3 v. 8.10.2.2098. Contact your Technical Account Manager to obtain the necessary instructions."
},
{
"lang": "en",
"value": "Install Kaspersky Security for Virtualization Light Agent 5.2.27.319 (with Kaspersky Security Components Installation Wizard 5.2.1.4005) or newer using the following url: https://www.kaspersky.com/small-to-medium-business-security/downloads/virtualization-hybrid-cloud"
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Endpoint Security for Windows. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Small Office Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky for Windows (Standard, Plus, Premium). To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Free. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Anti-Virus. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Internet Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Security Cloud. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Safe Kids. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Anti-Ransomware Tool. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-06T00:00:00.000Z",
"value": "Advisory published by Kaspersky"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2024-13614",
"datePublished": "2025-02-06T16:13:08.173Z",
"dateReserved": "2025-01-22T06:31:25.425Z",
"dateUpdated": "2025-02-12T19:51:09.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1580 (GCVE-0-2024-1580)
Vulnerability from cvelistv5 – Published: 2024-02-19 10:34 – Updated: 2025-02-13 17:32
VLAI
Title
Integer overflow in VideoLAN dav1d
Summary
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.
Severity
5.9 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
15 references
Date Public
2024-02-15 11:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T15:24:40.372465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T15:25:01.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214098"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214097"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214095"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214093"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214096"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214094"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/41"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/36"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/38"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/37"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/40"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/39"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "dav1d",
"repo": "https://code.videolan.org/videolan/dav1d",
"vendor": "VideoLAN",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-02-15T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T18:05:51.666Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0"
},
{
"url": "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/"
},
{
"url": "https://support.apple.com/kb/HT214098"
},
{
"url": "https://support.apple.com/kb/HT214097"
},
{
"url": "https://support.apple.com/kb/HT214095"
},
{
"url": "https://support.apple.com/kb/HT214093"
},
{
"url": "https://support.apple.com/kb/HT214096"
},
{
"url": "https://support.apple.com/kb/HT214094"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/41"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/36"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/38"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/37"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/40"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/39"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Integer overflow in VideoLAN dav1d",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2024-1580",
"datePublished": "2024-02-19T10:34:55.113Z",
"dateReserved": "2024-02-16T12:23:14.335Z",
"dateUpdated": "2025-02-13T17:32:17.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1633 (GCVE-0-2024-1633)
Vulnerability from cvelistv5 – Published: 2024-02-19 16:42 – Updated: 2024-08-01 18:48
VLAI
Title
FIP Header Integer Overflow
Summary
During the secure boot, bl2 (the second stage of
the bootloader) loops over images defined in the table “bl2_mem_params_descs”.
For each image, the bl2 reads the image length and destination from the image’s
certificate. Because of the way of reading from the image, which base on 32-bit unsigned integer value, it can result to an integer overflow. An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot.
Affected git version from c2f286820471ed276c57e603762bd831873e5a17 until (not
Severity
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Renesas | rcar_gen3_v2.5 |
Affected:
v2.5
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T15:25:37.839796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T15:26:06.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:20.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://asrg.io/security-advisories/CVE-2024-1633/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "arm-trusted-firmware",
"product": "rcar_gen3_v2.5",
"repo": "https://github.com/renesas-rcar/arm-trusted-firmware",
"vendor": "Renesas",
"versions": [
{
"status": "affected",
"version": "v2.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tomer.Fichman@cymotive.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During the secure boot, bl2 (the second stage of\nthe bootloader) loops over images defined in the table \u201cbl2_mem_params_descs\u201d.\nFor each image, the bl2 reads the image length and destination from the image\u2019s\ncertificate.\u0026nbsp;Because of the way of reading from the image, which base on\u0026nbsp;32-bit unsigned integer value, it can result to\u0026nbsp;an integer overflow.\u0026nbsp;An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot.\u003cbr\u003e\u003cbr\u003e Affected git version from\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ec2f286820471ed276c57e603762bd831873e5a17 until (not\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "During the secure boot, bl2 (the second stage of\nthe bootloader) loops over images defined in the table \u201cbl2_mem_params_descs\u201d.\nFor each image, the bl2 reads the image length and destination from the image\u2019s\ncertificate.\u00a0Because of the way of reading from the image, which base on\u00a032-bit unsigned integer value, it can result to\u00a0an integer overflow.\u00a0An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot.\n\n Affected git version from\u00a0c2f286820471ed276c57e603762bd831873e5a17 until (not\u00a0\n"
}
],
"impacts": [
{
"capecId": "CAPEC-92",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-92 Forced Integer Overflow"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-19T16:43:18.206Z",
"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"shortName": "ASRG"
},
"references": [
{
"url": "https://asrg.io/security-advisories/CVE-2024-1633/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "FIP Header Integer Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"assignerShortName": "ASRG",
"cveId": "CVE-2024-1633",
"datePublished": "2024-02-19T16:42:29.949Z",
"dateReserved": "2024-02-19T16:36:31.290Z",
"dateUpdated": "2024-08-01T18:48:20.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Requirements
Description:
- Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.
Mitigation ID: MIT-3
Phase: Requirements
Strategy: Language Selection
Description:
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- If possible, choose a language or compiler that performs automatic bounds checking.
Mitigation ID: MIT-4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
- Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation ID: MIT-8
Phase: Implementation
Strategy: Input Validation
Description:
- Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
- Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
Mitigation ID: MIT-36
Phase: Implementation
Description:
- Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
- Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation ID: MIT-15
Phase: Architecture and Design
Description:
- For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Mitigation ID: MIT-26
Phase: Implementation
Strategy: Compilation or Build Hardening
Description:
- Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.