CWE-391
Unchecked Error Condition
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
CVE-2017-12185 (GCVE-0-2017-12185)
Vulnerability from cvelistv5 – Published: 2018-01-24 15:00 – Updated: 2024-08-05 18:28
VLAI
Summary
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Severity
No CVSS data available.
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2017/dsa-4000 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2017… | mailing-listx_refsource_MLIST |
| https://cgit.freedesktop.org/xorg/xserver/commit/… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1509215 | x_refsource_CONFIRM |
Date Public
2017-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4000",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4000"
},
{
"name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-4000",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4000"
},
{
"name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509215"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-12185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-391"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4000",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4000"
},
{
"name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
},
{
"name": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1509215",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509215"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-12185",
"datePublished": "2018-01-24T15:00:00.000Z",
"dateReserved": "2017-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:28:16.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12186 (GCVE-0-2017-12186)
Vulnerability from cvelistv5 – Published: 2018-01-24 15:00 – Updated: 2024-09-17 00:46
VLAI
Summary
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2017/dsa-4000 | vendor-advisoryx_refsource_DEBIAN |
| https://bugzilla.redhat.com/show_bug.cgi?id=1509216 | x_refsource_CONFIRM |
| https://cgit.freedesktop.org/xorg/xserver/commit/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The X.Org Foundation | xorg-x11-server |
Affected:
before 1.19.5
|
Date Public
2017-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4000",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4000"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509216"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xorg-x11-server",
"vendor": "The X.Org Foundation",
"versions": [
{
"status": "affected",
"version": "before 1.19.5"
}
]
}
],
"datePublic": "2017-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-25T10:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-4000",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4000"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509216"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-12186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "before 1.19.5"
}
]
}
}
]
},
"vendor_name": "The X.Org Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-391"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4000",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4000"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1509216",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509216"
},
{
"name": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-12186",
"datePublished": "2018-01-24T15:00:00.000Z",
"dateReserved": "2017-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:46:33.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12187 (GCVE-0-2017-12187)
Vulnerability from cvelistv5 – Published: 2018-01-24 15:00 – Updated: 2024-09-16 19:30
VLAI
Summary
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Severity
No CVSS data available.
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2017/dsa-4000 | vendor-advisoryx_refsource_DEBIAN |
| https://bugzilla.redhat.com/show_bug.cgi?id=1509217 | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2017… | mailing-listx_refsource_MLIST |
| https://cgit.freedesktop.org/xorg/xserver/commit/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The X.Org Foundation | xorg-x11-server |
Affected:
before 1.19.5
|
Date Public
2017-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4000",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4000"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509217"
},
{
"name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xorg-x11-server",
"vendor": "The X.Org Foundation",
"versions": [
{
"status": "affected",
"version": "before 1.19.5"
}
]
}
],
"datePublic": "2017-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-4000",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4000"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509217"
},
{
"name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-12187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "before 1.19.5"
}
]
}
}
]
},
"vendor_name": "The X.Org Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-391"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4000",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4000"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1509217",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509217"
},
{
"name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
},
{
"name": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-12187",
"datePublished": "2018-01-24T15:00:00.000Z",
"dateReserved": "2017-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:30:41.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7496 (GCVE-0-2017-7496)
Vulnerability from cvelistv5 – Published: 2017-06-26 14:00 – Updated: 2024-08-05 16:04
VLAI
Summary
fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pagure.io/arm-image-installer/pull-request/10 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat, Inc. | fedora-arm-installer |
Affected:
up to and including 1.99.16
|
Date Public
2017-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/arm-image-installer/pull-request/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "fedora-arm-installer",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "up to and including 1.99.16"
}
]
}
],
"datePublic": "2017-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-26T13:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/arm-image-installer/pull-request/10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7496",
"datePublished": "2017-06-26T14:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:04:11.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1091 (GCVE-0-2018-1091)
Vulnerability from cvelistv5 – Published: 2018-03-27 21:00 – Updated: 2024-08-05 03:51
VLAI
Summary
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service.
Severity
No CVSS data available.
CWE
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1558149 | x_refsource_CONFIRM |
| https://www.kernel.org/pub/linux/kernel/v4.x/Chan… | x_refsource_CONFIRM |
| https://marc.info/?l=linuxppc-embedded&m=15053553… | x_refsource_CONFIRM |
| https://access.redhat.com/security/cve/cve-2018-1091 | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:1318 | vendor-advisoryx_refsource_REDHAT |
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_CONFIRM |
| https://github.com/torvalds/linux/commit/c1fa0768… | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2018/03/27/4 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Linux kernel v4.13 and newer |
Affected:
Linux kernel v4.13 and newer
|
Date Public
2018-03-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558149"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://marc.info/?l=linuxppc-embedded\u0026m=150535531910494\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2018-1091"
},
{
"name": "RHSA-2018:1318",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1318"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/c1fa0768a8713b135848f78fd43ffc208d8ded70"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2018/03/27/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel v4.13 and newer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel v4.13 and newer"
}
]
}
],
"datePublic": "2018-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-09T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558149"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://marc.info/?l=linuxppc-embedded\u0026m=150535531910494\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/cve/cve-2018-1091"
},
{
"name": "RHSA-2018:1318",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1318"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/c1fa0768a8713b135848f78fd43ffc208d8ded70"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwall.com/lists/oss-security/2018/03/27/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel v4.13 and newer",
"version": {
"version_data": [
{
"version_value": "Linux kernel v4.13 and newer"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-391"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1558149",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558149"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
},
{
"name": "https://marc.info/?l=linuxppc-embedded\u0026m=150535531910494\u0026w=2",
"refsource": "CONFIRM",
"url": "https://marc.info/?l=linuxppc-embedded\u0026m=150535531910494\u0026w=2"
},
{
"name": "https://access.redhat.com/security/cve/cve-2018-1091",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/cve-2018-1091"
},
{
"name": "RHSA-2018:1318",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1318"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70"
},
{
"name": "https://github.com/torvalds/linux/commit/c1fa0768a8713b135848f78fd43ffc208d8ded70",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c1fa0768a8713b135848f78fd43ffc208d8ded70"
},
{
"name": "http://openwall.com/lists/oss-security/2018/03/27/4",
"refsource": "CONFIRM",
"url": "http://openwall.com/lists/oss-security/2018/03/27/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1091",
"datePublished": "2018-03-27T21:00:00.000Z",
"dateReserved": "2017-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:51:48.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14853 (GCVE-0-2019-14853)
Vulnerability from cvelistv5 – Published: 2019-11-26 12:06 – Updated: 2024-08-05 00:26
VLAI
Summary
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.
Severity
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://github.com/warner/python-ecdsa/releases/t… | x_refsource_MISC |
| https://www.debian.org/security/2019/dsa-4588 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/Dec/33 | mailing-listx_refsource_BUGTRAQ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| [UNKNOWN] | python-ecdsa |
Affected:
0.13.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14853"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3"
},
{
"name": "DSA-4588",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4588"
},
{
"name": "20191218 [SECURITY] [DSA 4588-1] python-ecdsa security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python-ecdsa",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "0.13.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T12:06:05.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14853"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3"
},
{
"name": "DSA-4588",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4588"
},
{
"name": "20191218 [SECURITY] [DSA 4588-1] python-ecdsa security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-14853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "python-ecdsa",
"version": {
"version_data": [
{
"version_value": "0.13.3"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-391"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14853",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14853"
},
{
"name": "https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3",
"refsource": "MISC",
"url": "https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3"
},
{
"name": "DSA-4588",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4588"
},
{
"name": "20191218 [SECURITY] [DSA 4588-1] python-ecdsa security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14853",
"datePublished": "2019-11-26T12:06:20.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:26:39.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14383 (GCVE-0-2020-14383)
Vulnerability from cvelistv5 – Published: 2020-12-02 00:00 – Updated: 2024-08-15 15:47
VLAI
Summary
A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.
Severity
No CVSS data available.
CWE
Assigner
References
4 references
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892636"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.samba.org/samba/security/CVE-2020-14383.html"
},
{
"name": "GLSA-202012-24",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202012-24"
},
{
"name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-14383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T15:10:17.178172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T15:47:32.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "samba",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "samba 4.11.15, samba 4.12.9, samba 4.13.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in samba\u0027s DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-22T16:05:57.710Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892636"
},
{
"url": "https://www.samba.org/samba/security/CVE-2020-14383.html"
},
{
"name": "GLSA-202012-24",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202012-24"
},
{
"name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14383",
"datePublished": "2020-12-02T00:00:00.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-15T15:47:32.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20849 (GCVE-0-2022-20849)
Vulnerability from cvelistv5 – Published: 2024-11-15 15:31 – Updated: 2024-11-15 15:46
VLAI
Title
Cisco IOS XR Software Broadband Network Gateway PPPoE Denial of Service Vulnerability
Summary
A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash.
This vulnerability exists because the PPPoE feature does not properly handle an error condition within a specific crafted packet sequence. An attacker could exploit this vulnerability by sending a sequence of specific PPPoE packets from controlled customer premises equipment (CPE). A successful exploit could allow the attacker to cause the PPPoE process to continually restart, resulting in a denial of service condition (DoS).Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see .
Severity
6.1 (Medium)
CWE
- CWE-391 - Unchecked Error Condition
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Affected:
6.5.3
Affected: 6.6.1 Affected: 6.5.15 Affected: 7.0.1 Affected: 6.6.25 Affected: 6.6.2 Affected: 6.5.1 Affected: 6.5.2 Affected: 7.1.1 Affected: 7.0.90 Affected: 6.6.3 Affected: 6.7.1 Affected: 7.0.2 Affected: 7.1.15 Affected: 7.1.2 Affected: 7.2.1 Affected: 6.7.2 Affected: 7.1.25 Affected: 6.6.4 Affected: 7.3.1 Affected: 7.1.3 Affected: 6.7.3 Affected: 7.4.1 Affected: 7.2.2 Affected: 6.8.1 Affected: 7.3.2 Affected: 7.5.1 Affected: 7.3.3 Affected: 6.8.2 Affected: 7.3.4 Affected: 7.4.2 Affected: 6.7.35 Affected: 6.9.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:46:04.754318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:46:25.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.15"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "6.7.3"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "6.8.1"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "6.8.2"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "6.7.35"
},
{
"status": "affected",
"version": "6.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco\u0026nbsp;IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash.\r\nThis vulnerability exists because the PPPoE feature does not properly handle an error condition within a specific crafted packet sequence. An attacker could exploit this vulnerability by sending a sequence of specific PPPoE packets from controlled customer premises equipment (CPE). A successful exploit could allow the attacker to cause the PPPoE process to continually restart, resulting in a denial of service condition (DoS).Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco\u0026nbsp;IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see ."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "Unchecked Error Condition",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:31:20.913Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxr-bng-Gmg5Gxt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt"
}
],
"source": {
"advisory": "cisco-sa-iosxr-bng-Gmg5Gxt",
"defects": [
"CSCwa57311"
],
"discovery": "EXTERNAL"
},
"title": "Cisco IOS XR Software Broadband Network Gateway PPPoE Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20849",
"datePublished": "2024-11-15T15:31:20.913Z",
"dateReserved": "2021-11-02T13:28:29.180Z",
"dateUpdated": "2024-11-15T15:46:25.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22160 (GCVE-0-2022-22160)
Vulnerability from cvelistv5 – Published: 2022-01-19 00:21 – Updated: 2024-09-17 03:59
VLAI
Title
Junos OS: MX Series: The bbe-smgd process crashes if an unsupported configuration exists and a PPPoE client sends a specific message
Summary
An Unchecked Error Condition vulnerability in the subscriber management daemon (smgd) of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to cause a crash of and thereby a Denial of Service (DoS). In a subscriber management / broadband edge environment if a single session group configuration contains dual-stack and a pp0 interface, smgd will crash and restart every time a PPPoE client sends a specific message. This issue affects Juniper Networks Junos OS on MX Series: 16.1 version 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1.
Severity
6.5 (Medium)
CWE
- CWE-391 - Unchecked Error Condition
- Denial of Service (DoS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11268 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 18.4R3-S10
(custom)
Unaffected: unspecified , < 16.1R1 (custom) Affected: 16.1R1 , < 16.1* (custom) Affected: 19.1 , < 19.1R2-S3, 19.1R3-S7 (custom) Affected: 19.2 , < 19.2R1-S8, 19.2R3-S4 (custom) Affected: 19.3 , < 19.3R3-S4 (custom) Affected: 19.4 , < 19.4R3-S5 (custom) Affected: 20.1 , < 20.1R3-S3 (custom) Affected: 20.2 , < 20.2R3-S3 (custom) Affected: 20.3 , < 20.3R3-S2 (custom) Affected: 20.4 , < 20.4R3 (custom) Affected: 21.1 , < 21.1R3 (custom) Affected: 21.2 , < 21.2R2 (custom) |
Date Public
2022-01-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11268"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R3-S10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "16.1R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "16.1*",
"status": "affected",
"version": "16.1R1",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S3, 19.1R3-S7",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S8, 19.2R3-S4",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S4",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S5",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3-S3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following is an example of an affected configuration:\n\n user@device# show system services dhcp-local-server dhcpv6 \n ...\n group \u003cgroup-name1\u003e {\n overrides {\n ...\n dual-stack \u003cdual-stack-group-name\u003e;\n }\n ...\n interface pp0.0;\n ...\n }"
}
],
"datePublic": "2022-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Unchecked Error Condition vulnerability in the subscriber management daemon (smgd) of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to cause a crash of and thereby a Denial of Service (DoS). In a subscriber management / broadband edge environment if a single session group configuration contains dual-stack and a pp0 interface, smgd will crash and restart every time a PPPoE client sends a specific message. This issue affects Juniper Networks Junos OS on MX Series: 16.1 version 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391 Unchecked Error Condition",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-19T00:21:03.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11268"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R3-S5, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11268",
"defect": [
"1580528"
],
"discovery": "USER"
},
"title": "Junos OS: MX Series: The bbe-smgd process crashes if an unsupported configuration exists and a PPPoE client sends a specific message",
"workarounds": [
{
"lang": "en",
"value": "Remove the pp0 interface from a DHCPv6 dual-stack group and move to its own group with no dual-stack enabled.\n\n user@device# show system services dhcp-local-server dhcpv6 \n ...\n group \u003cgroup-name1\u003e {\n overrides {\n ...\n dual-stack \u003cdual-stack-group-name\u003e;\n }\n ...\n interface pp0.0; \u003c\u003c\u003c\u003c\u003c delete and add to new group\n ...\n }\n\n group \u003cgroup-name2\u003e { \u003c\u003c\u003c\u003c\u003c new group for PP0 interfaces to be handled separately.\n ...\n interface pp0.0; \u003c\u003c\u003c\u003c\u003c\n ...\n }"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22160",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: The bbe-smgd process crashes if an unsupported configuration exists and a PPPoE client sends a specific message"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "\u003e=",
"version_name": "16.1",
"version_value": "16.1R1"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_value": "18.4R3-S10"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S4"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S5"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3-S3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3-S2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R2"
},
{
"platform": "MX Series",
"version_affected": "!\u003c",
"version_value": "16.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following is an example of an affected configuration:\n\n user@device# show system services dhcp-local-server dhcpv6 \n ...\n group \u003cgroup-name1\u003e {\n overrides {\n ...\n dual-stack \u003cdual-stack-group-name\u003e;\n }\n ...\n interface pp0.0;\n ...\n }"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Unchecked Error Condition vulnerability in the subscriber management daemon (smgd) of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to cause a crash of and thereby a Denial of Service (DoS). In a subscriber management / broadband edge environment if a single session group configuration contains dual-stack and a pp0 interface, smgd will crash and restart every time a PPPoE client sends a specific message. This issue affects Juniper Networks Junos OS on MX Series: 16.1 version 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-391 Unchecked Error Condition"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11268",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11268"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R3-S5, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11268",
"defect": [
"1580528"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Remove the pp0 interface from a DHCPv6 dual-stack group and move to its own group with no dual-stack enabled.\n\n user@device# show system services dhcp-local-server dhcpv6 \n ...\n group \u003cgroup-name1\u003e {\n overrides {\n ...\n dual-stack \u003cdual-stack-group-name\u003e;\n }\n ...\n interface pp0.0; \u003c\u003c\u003c\u003c\u003c delete and add to new group\n ...\n }\n\n group \u003cgroup-name2\u003e { \u003c\u003c\u003c\u003c\u003c new group for PP0 interfaces to be handled separately.\n ...\n interface pp0.0; \u003c\u003c\u003c\u003c\u003c\n ...\n }"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22160",
"datePublished": "2022-01-19T00:21:04.016Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:59:29.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0572 (GCVE-0-2023-0572)
Vulnerability from cvelistv5 – Published: 2023-01-29 00:00 – Updated: 2025-03-28 15:42
VLAI
Title
Unchecked Error Condition in froxlor/froxlor
Summary
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.
Severity
5.3 (Medium)
CWE
- CWE-391 - Unchecked Error Condition
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| froxlor | froxlor/froxlor |
Affected:
unspecified , < 2.0.10
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0572",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T15:42:38.029869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T15:42:50.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "froxlor/froxlor",
"vendor": "froxlor",
"versions": [
{
"lessThan": "2.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ahmed Hassan (ahmedvienna)"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Josef Hassan (josefjku)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.\u003c/p\u003e"
}
],
"value": "Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391 Unchecked Error Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T10:10:34.390Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec"
},
{
"url": "https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1"
}
],
"source": {
"advisory": "4ab24ee2-3ff6-4248-9555-0af3e5f754ec",
"discovery": "EXTERNAL"
},
"title": "Unchecked Error Condition in froxlor/froxlor",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0572",
"datePublished": "2023-01-29T00:00:00.000Z",
"dateReserved": "2023-01-29T00:00:00.000Z",
"dateUpdated": "2025-03-28T15:42:50.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Requirements
Description:
- The choice between a language which has named or unnamed exceptions needs to be done. While unnamed exceptions exacerbate the chance of not properly dealing with an exception, named exceptions suffer from the up call version of the weak base class problem.
Mitigation
Phase: Requirements
Description:
- A language can be used which requires, at compile time, to catch all serious exceptions. However, one must make sure to use the most current version of the API as new exceptions could be added.
Mitigation
Phase: Implementation
Description:
- Catch all relevant exceptions. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment.
No CAPEC attack patterns related to this CWE.