Search

Find a vulnerability

Search criteria

    64 vulnerabilities found for a700s_firmware by netapp

    CVE-2024-6387 (GCVE-0-2024-6387)

    Vulnerability from nvd – Published: 2024-07-01 12:37 – Updated: 2026-05-12 11:39
    VLAI KEVIntel
    Title
    Openssh: regresshion - race condition in ssh allows rce/dos
    Summary
    A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-364 - Signal Handler Race Condition
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:4312 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4340 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4389 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4469 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4474 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4479 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4484 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-6387 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2294604 issue-trackingx_refsource_REDHAT
    https://santandersecurityresearch.github.io/blog/…
    https://www.openssh.com/txt/release-9.8
    https://www.qualys.com/2024/07/01/cve-2024-6387/r…
    https://www.vicarius.io/vsociety/posts/regresshio…
    https://www.exploit-db.com/exploits/52269
    https://packetstorm.news/files/id/190587/
    http://www.openwall.com/lists/oss-security/2024/0… x_transferred
    http://www.openwall.com/lists/oss-security/2024/0… x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/02/1 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/03/1 x_transferred
    http://www.openwall.com/lists/oss-security/2024/0… x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/03/2 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/03/3 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/03/4 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/03/5 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/04/1 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/04/2 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/08/2 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/08/3 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/09/2 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/09/5 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/10/1 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/10/2 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/10/3 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/10/4 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/10/6 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/11/1 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/11/3 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/23/4 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/23/6 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/28/2 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/28/3 x_transferred
    https://archlinux.org/news/the-sshd-service-needs… x_transferred
    https://arstechnica.com/security/2024/07/regressh… x_transferred
    https://blog.qualys.com/vulnerabilities-threat-re… x_transferred
    https://explore.alas.aws.amazon.com/CVE-2024-6387.html x_transferred
    https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132 x_transferred
    https://ftp.netbsd.org/pub/NetBSD/security/adviso… x_transferred
    https://github.com/AlmaLinux/updates/issues/629 x_transferred
    https://github.com/Azure/AKS/issues/4379 x_transferred
    https://github.com/PowerShell/Win32-OpenSSH/discu… x_transferred
    https://github.com/PowerShell/Win32-OpenSSH/issues/2249 x_transferred
    https://github.com/microsoft/azurelinux/issues/9555 x_transferred
    https://github.com/openela-main/openssh/commit/e1… x_transferred
    https://github.com/oracle/oracle-linux/issues/149 x_transferred
    https://github.com/rapier1/hpn-ssh/issues/87 x_transferred
    https://github.com/zgzhang/cve-2024-6387-poc x_transferred
    https://lists.almalinux.org/archives/list/announc… x_transferred
    https://lists.mindrot.org/pipermail/openssh-unix-… x_transferred
    https://lists.mindrot.org/pipermail/openssh-unix-… x_transferred
    https://news.ycombinator.com/item?id=40843778 x_transferred
    https://psirt.global.sonicwall.com/vuln-detail/SN… x_transferred
    https://security-tracker.debian.org/tracker/CVE-2… x_transferred
    https://security.netapp.com/advisory/ntap-2024070… x_transferred
    https://sig-security.rocky.page/issues/CVE-2024-6387/ x_transferred
    https://stackdiary.com/openssh-race-condition-in-… x_transferred
    https://ubuntu.com/security/CVE-2024-6387 x_transferred
    https://ubuntu.com/security/notices/USN-6859-1 x_transferred
    https://www.akamai.com/blog/security-research/202… x_transferred
    https://www.arista.com/en/support/advisories-noti… x_transferred
    https://www.freebsd.org/security/advisories/FreeB… x_transferred
    https://www.splunk.com/en_us/blog/security/cve-20… x_transferred
    https://www.suse.com/security/cve/CVE-2024-6387.html x_transferred
    https://www.theregister.com/2024/07/01/regresshio… x_transferred
    https://support.apple.com/kb/HT214119 x_transferred
    https://support.apple.com/kb/HT214118 x_transferred
    https://support.apple.com/kb/HT214120 x_transferred
    http://seclists.org/fulldisclosure/2024/Jul/20 x_transferred
    http://seclists.org/fulldisclosure/2024/Jul/18 x_transferred
    http://seclists.org/fulldisclosure/2024/Jul/19 x_transferred
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    Impacted products
    Vendor Product Version
    Affected: 8.5p1 , ≤ 9.7p1 (custom)
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:8.7p1-38.el9_4.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:8.7p1-12.el9_0.1 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:8.7p1-30.el9_2.4 , < * (rpm)
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 413.92.202407091321-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el9
        cpe:/a:redhat:openshift:4.13::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202407091253-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202407091355-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 416.94.202407081958-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 5     cpe:/a:redhat:ceph_storage:5
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 6     cpe:/a:redhat:ceph_storage:6
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 7     cpe:/a:redhat:ceph_storage:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Siemens Industrial Edge Management OS (IEM-OS) Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SINAMICS IIoT module Affected: 0 , < V1.0 HF1 (custom)
    Create a notification for this product.
    Siemens SINEMA Remote Connect Server Affected: 0 , < V3.2 SP2 (custom)
    Create a notification for this product.
    Siemens SINUMERIK ONE Affected: 0 , < V6.24 (custom)
    Create a notification for this product.
    Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Date Public
    2024-07-01 08:00
    Credits
    Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6387",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T13:18:34.695298Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T13:18:46.662Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-04-24T18:35:27.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387"
              },
              {
                "url": "https://www.exploit-db.com/exploits/52269"
              },
              {
                "url": "https://packetstorm.news/files/id/190587/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/01/12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/01/13"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/02/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/03/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/03/11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/03/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/03/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/03/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/03/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/04/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/04/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/08/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/08/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/09/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/09/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/10/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/10/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/10/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/10/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/10/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/11/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/11/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/23/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/23/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/28/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
              },
              {
                "name": "RHSA-2024:4312",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4312"
              },
              {
                "name": "RHSA-2024:4340",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4340"
              },
              {
                "name": "RHSA-2024:4389",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4389"
              },
              {
                "name": "RHSA-2024:4469",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4469"
              },
              {
                "name": "RHSA-2024:4474",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4474"
              },
              {
                "name": "RHSA-2024:4479",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4479"
              },
              {
                "name": "RHSA-2024:4484",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4484"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-6387"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server"
              },
              {
                "name": "RHBZ#2294604",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://explore.alas.aws.amazon.com/CVE-2024-6387.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forum.vmssoftware.com/viewtopic.php?f=8\u0026t=9132"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/AlmaLinux/updates/issues/629"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Azure/AKS/issues/4379"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/microsoft/azurelinux/issues/9555"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/oracle/oracle-linux/issues/149"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/rapier1/hpn-ssh/issues/87"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/zgzhang/cve-2024-6387-poc"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=40843778"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2024-6387"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240701-0001/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sig-security.rocky.page/issues/CVE-2024-6387/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/security/CVE-2024-6387"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/security/notices/USN-6859-1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssh.com/txt/release-9.8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.suse.com/security/cve/CVE-2024-6387.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.theregister.com/2024/07/01/regresshion_openssh/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214119"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214118"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "Industrial Edge Management OS (IEM-OS)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINAMICS IIoT module",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.0 HF1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEMA Remote Connect Server",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.2 SP2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINUMERIK ONE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T11:39:26.672Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-446545.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.openssh.com/",
              "defaultStatus": "unaffected",
              "packageName": "OpenSSH",
              "repo": "https://anongit.mindrot.org/openssh.git",
              "versions": [
                {
                  "lessThanOrEqual": "9.7p1",
                  "status": "affected",
                  "version": "8.5p1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.7p1-38.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.7p1-38.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.7p1-12.el9_0.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.7p1-30.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el9",
                "cpe:/a:redhat:openshift:4.13::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "413.92.202407091321-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202407091253-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "415.92.202407091355-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "416.94.202407081958-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:5"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Ceph Storage 5",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Ceph Storage 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Ceph Storage 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue."
            }
          ],
          "datePublic": "2024-07-01T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A security regression (CVE-2006-5051) was discovered in OpenSSH\u0027s server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-364",
                  "description": "Signal Handler Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T06:17:03.387Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:4312",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4312"
            },
            {
              "name": "RHSA-2024:4340",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4340"
            },
            {
              "name": "RHSA-2024:4389",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4389"
            },
            {
              "name": "RHSA-2024:4469",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4469"
            },
            {
              "name": "RHSA-2024:4474",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4474"
            },
            {
              "name": "RHSA-2024:4479",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4479"
            },
            {
              "name": "RHSA-2024:4484",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4484"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-6387"
            },
            {
              "name": "RHBZ#2294604",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604"
            },
            {
              "url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"
            },
            {
              "url": "https://www.openssh.com/txt/release-9.8"
            },
            {
              "url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-27T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-07-01T08:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openssh: regresshion - race condition in ssh allows rce/dos",
          "workarounds": [
            {
              "lang": "en",
              "value": "The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~\n\nSetting LoginGraceTime to 0 disables the SSHD server\u0027s ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like \u0027fail2ban\u0027 alongside a firewall to monitor log files and manage connections appropriately.\n\nIf any of the mitigations mentioned above is used, please note that the removal of LoginGraceTime parameter from sshd_config is not automatic when the updated package is installed."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-364: Signal Handler Race Condition"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-6387",
        "datePublished": "2024-07-01T12:37:25.431Z",
        "dateReserved": "2024-06-27T13:41:03.421Z",
        "dateUpdated": "2026-05-12T11:39:26.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-26733 (GCVE-0-2024-26733)

    Vulnerability from nvd – Published: 2024-04-03 17:00 – Updated: 2026-05-11 20:03
    VLAI
    Title
    arp: Prevent overflow in arp_req_get().
    Summary
    In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the memcpy(), so it's not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN), arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling arp_req_get(). To avoid the overflow, let's limit the max length of memcpy(). Note that commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible array in struct sockaddr") just silenced syzkaller. [0]: memcpy: detected field-spanning write (size 16) of single field "r->arp_ha.sa_data" at net/ipv4/arp.c:1128 (size 14) WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Modules linked in: CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001 RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010 FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261 inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204 sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d RDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003 RBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000 </TASK>
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 97eaa2955db4120ce6ec2ef123e860bc32232c50 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f119f2325ba70cbfdec701000dcad4d88805d5b0 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a3f2c083cb575d80a7627baf3339e78fedccbb91 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a7d6027790acea24446ddd6632d394096c0f4667 (git)
    Create a notification for this product.
    Linux Linux Affected: 2.6.12
    Unaffected: 0 , < 2.6.12 (semver)
    Unaffected: 5.10.211 , ≤ 5.10.* (semver)
    Unaffected: 5.15.150 , ≤ 5.15.* (semver)
    Unaffected: 6.1.80 , ≤ 6.1.* (semver)
    Unaffected: 6.6.19 , ≤ 6.6.* (semver)
    Unaffected: 6.7.7 , ≤ 6.7.* (semver)
    Unaffected: 6.8 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-11-01T17:03:11.240Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241101-0013/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26733",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T15:52:00.464269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-11T17:33:20.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "net/ipv4/arp.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "97eaa2955db4120ce6ec2ef123e860bc32232c50",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "f119f2325ba70cbfdec701000dcad4d88805d5b0",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "a3f2c083cb575d80a7627baf3339e78fedccbb91",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "a7d6027790acea24446ddd6632d394096c0f4667",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "net/ipv4/arp.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.12"
                },
                {
                  "lessThan": "2.6.12",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.211",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.150",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.80",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.19",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.7.*",
                  "status": "unaffected",
                  "version": "6.7.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "6.8",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.211",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.150",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.80",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.19",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.7",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: Prevent overflow in arp_req_get().\n\nsyzkaller reported an overflown write in arp_req_get(). [0]\n\nWhen ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour\nentry and copies neigh-\u003eha to struct arpreq.arp_ha.sa_data.\n\nThe arp_ha here is struct sockaddr, not struct sockaddr_storage, so\nthe sa_data buffer is just 14 bytes.\n\nIn the splat below, 2 bytes are overflown to the next int field,\narp_flags.  We initialise the field just after the memcpy(), so it\u0027s\nnot a problem.\n\nHowever, when dev-\u003eaddr_len is greater than 22 (e.g. MAX_ADDR_LEN),\narp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL)\nin arp_ioctl() before calling arp_req_get().\n\nTo avoid the overflow, let\u0027s limit the max length of memcpy().\n\nNote that commit b5f0de6df6dc (\"net: dev: Convert sa_data to flexible\narray in struct sockaddr\") just silenced syzkaller.\n\n[0]:\nmemcpy: detected field-spanning write (size 16) of single field \"r-\u003earp_ha.sa_data\" at net/ipv4/arp.c:1128 (size 14)\nWARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nModules linked in:\nCPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014\nRIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nCode: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb \u003c0f\u003e 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6\nRSP: 0018:ffffc900050b7998 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001\nRBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000\nR13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010\nFS:  00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261\n inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981\n sock_do_ioctl+0xdf/0x260 net/socket.c:1204\n sock_ioctl+0x3ef/0x650 net/socket.c:1321\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x64/0xce\nRIP: 0033:0x7f172b262b8d\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d\nRDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003\nRBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000\n \u003c/TASK\u003e"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:03:05.779Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587"
            },
            {
              "url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50"
            },
            {
              "url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0"
            },
            {
              "url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91"
            },
            {
              "url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a"
            },
            {
              "url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667"
            }
          ],
          "title": "arp: Prevent overflow in arp_req_get().",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2024-26733",
        "datePublished": "2024-04-03T17:00:20.437Z",
        "dateReserved": "2024-02-19T14:20:24.165Z",
        "dateUpdated": "2026-05-11T20:03:05.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-1077 (GCVE-0-2023-1077)

    Vulnerability from nvd – Published: 2023-03-27 00:00 – Updated: 2024-08-02 05:32
    VLAI
    Summary
    In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a Linux kernel Affected: unknown
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:46.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97"
              },
              {
                "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230511-0002/"
              },
              {
                "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Linux kernel",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "unknown"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-11T19:06:55.294Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97"
            },
            {
              "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230511-0002/"
            },
            {
              "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-1077",
        "datePublished": "2023-03-27T00:00:00.000Z",
        "dateReserved": "2023-02-27T00:00:00.000Z",
        "dateUpdated": "2024-08-02T05:32:46.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36879 (GCVE-0-2022-36879)

    Vulnerability from nvd – Published: 2022-07-27 03:27 – Updated: 2025-05-05 16:13
    VLAI
    Summary
    An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • NVD-CWE-Other
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:14:29.394Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901"
              },
              {
                "name": "DSA-5207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5207"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
              },
              {
                "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
              },
              {
                "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36879",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:20:30.313688Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "NVD-CWE-Other",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:13:47.182Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-02T18:06:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901"
            },
            {
              "name": "DSA-5207",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5207"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
            },
            {
              "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-36879",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901"
                },
                {
                  "name": "DSA-5207",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5207"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220901-0007/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
                },
                {
                  "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
                },
                {
                  "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-36879",
        "datePublished": "2022-07-27T03:27:41.000Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:13:47.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1473 (GCVE-0-2022-1473)

    Vulnerability from nvd – Published: 2022-05-03 15:15 – Updated: 2025-05-05 16:42
    VLAI
    Title
    Resource leakage when decoding certificates and keys
    Summary
    The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-459 - Incomplete Cleanup
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)
    Create a notification for this product.
    Date Public
    2022-05-03 00:00
    Credits
    Aliaksei Levin
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20220503.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
              },
              {
                "name": "GLSA-202210-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202210-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1473",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:27:10.537811Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-459",
                    "description": "CWE-459 Incomplete Cleanup",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:42:05.402Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Aliaksei Levin"
            }
          ],
          "datePublic": "2022-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Low",
                  "value": "Low"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-14T00:00:00.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20220503.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
            },
            {
              "name": "GLSA-202210-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202210-02"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
            }
          ],
          "title": "Resource leakage when decoding certificates and keys"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2022-1473",
        "datePublished": "2022-05-03T15:15:25.051Z",
        "dateReserved": "2022-04-26T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:42:05.402Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1434 (GCVE-0-2022-1434)

    Vulnerability from nvd – Published: 2022-05-03 15:15 – Updated: 2024-09-17 04:19
    VLAI
    Title
    Incorrect MAC key used in the RC4-MD5 ciphersuite
    Summary
    The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
    Severity
    No CVSS data available.
    CWE
    • Incorrect MAC key
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)
    Create a notification for this product.
    Date Public
    2022-05-03 00:00
    Credits
    Tom Colley (Broadcom)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.246Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20220503.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7d56a74a96828985db7354a55227a511615f732b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tom Colley (Broadcom)"
            }
          ],
          "datePublic": "2022-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Low",
                  "value": "Low"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect MAC key",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-14T00:00:00.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20220503.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7d56a74a96828985db7354a55227a511615f732b"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
            }
          ],
          "title": "Incorrect MAC key used in the RC4-MD5 ciphersuite"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2022-1434",
        "datePublished": "2022-05-03T15:15:23.387Z",
        "dateReserved": "2022-04-22T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:19:38.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1343 (GCVE-0-2022-1343)

    Vulnerability from nvd – Published: 2022-05-03 15:15 – Updated: 2025-05-05 16:42
    VLAI
    Title
    OCSP_basic_verify may incorrectly verify the response signing certificate
    Summary
    The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Incorrect signature verfication
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)
    Create a notification for this product.
    Date Public
    2022-05-03 00:00
    Credits
    Raul Metsma
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:05.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20220503.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1343",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:27:12.804295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:42:39.898Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Raul Metsma"
            }
          ],
          "datePublic": "2022-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL \"ocsp\" application. When verifying an ocsp response with the \"-no_cert_checks\" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
                  "value": "Moderate"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect signature verfication",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-14T00:00:00.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20220503.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
            }
          ],
          "title": "OCSP_basic_verify may incorrectly verify the response signing certificate"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2022-1343",
        "datePublished": "2022-05-03T15:15:21.496Z",
        "dateReserved": "2022-04-13T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:42:39.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1292 (GCVE-0-2022-1292)

    Vulnerability from nvd – Published: 2022-05-03 15:15 – Updated: 2025-12-30 04:55
    VLAI
    Title
    The c_rehash script allows command injection
    Summary
    The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Command injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)
    Affected: Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n)
    Affected: Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd)
    Create a notification for this product.
    Date Public
    2022-05-03 00:00
    Credits
    Elison Niven (Sophos)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-08-13T14:06:18.130Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://gitlab.com/fraf0/cve-2022-1292-re_score-analysis"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20220503.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb"
              },
              {
                "name": "[debian-lts-announce] 20220515 [SECURITY] [DLA 3008-1] openssl security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html"
              },
              {
                "name": "DSA-5139",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5139"
              },
              {
                "name": "FEDORA-2022-b651cb69e6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/"
              },
              {
                "name": "FEDORA-2022-c9c02865f6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
              },
              {
                "name": "GLSA-202210-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202210-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1292",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-07-21T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T04:55:25.734Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)"
                },
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n)"
                },
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Elison Niven (Sophos)"
            }
          ],
          "datePublic": "2022-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
                  "value": "Moderate"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-14T00:00:00.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20220503.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb"
            },
            {
              "name": "[debian-lts-announce] 20220515 [SECURITY] [DLA 3008-1] openssl security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html"
            },
            {
              "name": "DSA-5139",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5139"
            },
            {
              "name": "FEDORA-2022-b651cb69e6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/"
            },
            {
              "name": "FEDORA-2022-c9c02865f6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
            },
            {
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
            },
            {
              "name": "GLSA-202210-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202210-02"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
            }
          ],
          "title": "The c_rehash script allows command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2022-1292",
        "datePublished": "2022-05-03T15:15:19.758Z",
        "dateReserved": "2022-04-11T00:00:00.000Z",
        "dateUpdated": "2025-12-30T04:55:25.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-4203 (GCVE-0-2021-4203)

    Vulnerability from nvd – Published: 2022-03-25 00:00 – Updated: 2024-08-03 17:16
    VLAI
    Summary
    A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a kernel Affected: kernel 5.15 rc4
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20221111-0003/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "kernel 5.15 rc4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362-\u003eCWE-416",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-14T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934"
            },
            {
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1"
            },
            {
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814"
            },
            {
              "url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20221111-0003/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-4203",
        "datePublished": "2022-03-25T00:00:00.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35508 (GCVE-0-2020-35508)

    Vulnerability from nvd – Published: 2021-03-26 16:45 – Updated: 2024-08-04 17:02
    VLAI
    Summary
    A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a kernel Affected: kernel 5.12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:02:08.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210513-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "kernel 5.12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-13T20:06:08.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210513-0006/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-35508",
        "datePublished": "2021-03-26T16:45:18.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:02:08.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29661 (GCVE-0-2020-29661)

    Vulnerability from nvd – Published: 2020-12-09 16:57 – Updated: 2024-08-04 16:55
    VLAI
    Summary
    A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:10.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
              },
              {
                "name": "[oss-security] 20201210 2 kernel issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
              },
              {
                "name": "FEDORA-2020-b732958765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
              },
              {
                "name": "FEDORA-2020-bc0cc81a7a",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
              },
              {
                "name": "DSA-4843",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4843"
              },
              {
                "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
              },
              {
                "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-12T18:06:14.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
            },
            {
              "name": "[oss-security] 20201210 2 kernel issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
            },
            {
              "name": "FEDORA-2020-b732958765",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
            },
            {
              "name": "FEDORA-2020-bc0cc81a7a",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
            },
            {
              "name": "DSA-4843",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4843"
            },
            {
              "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
            },
            {
              "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-29661",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
                },
                {
                  "name": "[oss-security] 20201210 2 kernel issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
                },
                {
                  "name": "FEDORA-2020-b732958765",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
                },
                {
                  "name": "FEDORA-2020-bc0cc81a7a",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
                },
                {
                  "name": "DSA-4843",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4843"
                },
                {
                  "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
                },
                {
                  "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210122-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-29661",
        "datePublished": "2020-12-09T16:57:41.000Z",
        "dateReserved": "2020-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:55:10.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29660 (GCVE-0-2020-29660)

    Vulnerability from nvd – Published: 2020-12-09 16:57 – Updated: 2024-08-04 16:55
    VLAI
    Summary
    A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:10.725Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
              },
              {
                "name": "[oss-security] 20201210 2 kernel issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
              },
              {
                "name": "FEDORA-2020-b732958765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
              },
              {
                "name": "FEDORA-2020-bc0cc81a7a",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
              },
              {
                "name": "DSA-4843",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4843"
              },
              {
                "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
              },
              {
                "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-12T18:06:12.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
            },
            {
              "name": "[oss-security] 20201210 2 kernel issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
            },
            {
              "name": "FEDORA-2020-b732958765",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
            },
            {
              "name": "FEDORA-2020-bc0cc81a7a",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
            },
            {
              "name": "DSA-4843",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4843"
            },
            {
              "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
            },
            {
              "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-29660",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
                },
                {
                  "name": "[oss-security] 20201210 2 kernel issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
                },
                {
                  "name": "FEDORA-2020-b732958765",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
                },
                {
                  "name": "FEDORA-2020-bc0cc81a7a",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210122-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
                },
                {
                  "name": "DSA-4843",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4843"
                },
                {
                  "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
                },
                {
                  "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-29660",
        "datePublished": "2020-12-09T16:57:56.000Z",
        "dateReserved": "2020-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:55:10.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-15436 (GCVE-0-2020-15436)

    Vulnerability from nvd – Published: 2020-11-23 20:08 – Updated: 2024-08-04 13:15
    VLAI
    Summary
    Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
    Severity
    No CVSS data available.
    CWE
    • Use After Free
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a linux kernel Affected: 5.7 (verified), possibly others 4.18
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:15:20.795Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lkml.org/lkml/2020/6/7/379"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20201218-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "linux kernel",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.7 (verified), possibly others 4.18"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-18T10:06:18.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lkml.org/lkml/2020/6/7/379"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20201218-0002/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securities@openeuler.org",
              "ID": "CVE-2020-15436",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "linux kernel",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.7 (verified), possibly others 4.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use After Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lkml.org/lkml/2020/6/7/379",
                  "refsource": "MISC",
                  "url": "https://lkml.org/lkml/2020/6/7/379"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20201218-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20201218-0002/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2020-15436",
        "datePublished": "2020-11-23T20:08:17.000Z",
        "dateReserved": "2020-06-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:15:20.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-15778 (GCVE-0-2020-15778)

    Vulnerability from nvd – Published: 2020-07-24 00:00 – Updated: 2024-08-04 13:22 Disputed
    VLAI
    Summary
    scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    openbsd openssh Affected: 0 , ≤ 8.3p1 (custom)
        cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "openssh",
                "vendor": "openbsd",
                "versions": [
                  {
                    "lessThanOrEqual": "8.3p1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-15778",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T14:59:02.714297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:18.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:22:30.831Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssh.com/security.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cpandya2909/CVE-2020-15778/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200731-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=25005567"
              },
              {
                "name": "GLSA-202212-06",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202212-06"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-04T16:53:15.270Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.openssh.com/security.html"
            },
            {
              "url": "https://github.com/cpandya2909/CVE-2020-15778/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20200731-0007/"
            },
            {
              "url": "https://news.ycombinator.com/item?id=25005567"
            },
            {
              "name": "GLSA-202212-06",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202212-06"
            },
            {
              "url": "https://access.redhat.com/errata/RHSA-2024:3166"
            }
          ],
          "tags": [
            "disputed"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-15778",
        "datePublished": "2020-07-24T00:00:00.000Z",
        "dateReserved": "2020-07-15T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:22:30.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13143 (GCVE-0-2020-13143)

    Vulnerability from nvd – Published: 2020-05-18 17:50 – Updated: 2024-08-04 12:11
    VLAI
    Summary
    gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://git.kernel.org/pub/scm/linux/kernel/git/t… x_refsource_MISC
    https://www.spinics.net/lists/linux-usb/msg194331.html x_refsource_MISC
    https://security.netapp.com/advisory/ntap-2020060… x_refsource_CONFIRM
    https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2020/dsa-4698 vendor-advisoryx_refsource_DEBIAN
    https://www.debian.org/security/2020/dsa-4699 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://usn.ubuntu.com/4413-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4411-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4412-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4419-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4414-1/ vendor-advisoryx_refsource_UBUNTU
    https://git.kernel.org/pub/scm/linux/kernel/git/t… x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:19.057Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
              },
              {
                "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
              },
              {
                "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
              },
              {
                "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
              },
              {
                "name": "DSA-4698",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4698"
              },
              {
                "name": "DSA-4699",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4699"
              },
              {
                "name": "openSUSE-SU-2020:0801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
              },
              {
                "name": "openSUSE-SU-2020:0935",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
              },
              {
                "name": "USN-4413-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4413-1/"
              },
              {
                "name": "USN-4411-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4411-1/"
              },
              {
                "name": "USN-4412-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4412-1/"
              },
              {
                "name": "USN-4419-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4419-1/"
              },
              {
                "name": "USN-4414-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4414-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal \u0027\\0\u0027 value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-04T22:50:50.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "DSA-4698",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4698"
            },
            {
              "name": "DSA-4699",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4699"
            },
            {
              "name": "openSUSE-SU-2020:0801",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
            },
            {
              "name": "openSUSE-SU-2020:0935",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
            },
            {
              "name": "USN-4413-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4413-1/"
            },
            {
              "name": "USN-4411-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4411-1/"
            },
            {
              "name": "USN-4412-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4412-1/"
            },
            {
              "name": "USN-4419-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4419-1/"
            },
            {
              "name": "USN-4414-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4414-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-13143",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal \u0027\\0\u0027 value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
                },
                {
                  "name": "https://www.spinics.net/lists/linux-usb/msg194331.html",
                  "refsource": "MISC",
                  "url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
                },
                {
                  "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
                },
                {
                  "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
                },
                {
                  "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
                },
                {
                  "name": "DSA-4698",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4698"
                },
                {
                  "name": "DSA-4699",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4699"
                },
                {
                  "name": "openSUSE-SU-2020:0801",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
                },
                {
                  "name": "openSUSE-SU-2020:0935",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
                },
                {
                  "name": "USN-4413-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4413-1/"
                },
                {
                  "name": "USN-4411-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4411-1/"
                },
                {
                  "name": "USN-4412-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4412-1/"
                },
                {
                  "name": "USN-4419-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4419-1/"
                },
                {
                  "name": "USN-4414-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4414-1/"
                },
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-13143",
        "datePublished": "2020-05-18T17:50:53.000Z",
        "dateReserved": "2020-05-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:11:19.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6387 (GCVE-0-2024-6387)

    Vulnerability from cvelistv5 – Published: 2024-07-01 12:37 – Updated: 2026-05-12 11:39
    VLAI KEVIntel
    Title
    Openssh: regresshion - race condition in ssh allows rce/dos
    Summary
    A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-364 - Signal Handler Race Condition
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:4312 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4340 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4389 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4469 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4474 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4479 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4484 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-6387 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2294604 issue-trackingx_refsource_REDHAT
    https://santandersecurityresearch.github.io/blog/…
    https://www.openssh.com/txt/release-9.8
    https://www.qualys.com/2024/07/01/cve-2024-6387/r…
    https://www.vicarius.io/vsociety/posts/regresshio…
    https://www.exploit-db.com/exploits/52269
    https://packetstorm.news/files/id/190587/
    http://www.openwall.com/lists/oss-security/2024/0… x_transferred
    http://www.openwall.com/lists/oss-security/2024/0… x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/02/1 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/03/1 x_transferred
    http://www.openwall.com/lists/oss-security/2024/0… x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/03/2 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/03/3 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/03/4 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/03/5 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/04/1 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/04/2 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/08/2 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/08/3 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/09/2 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/09/5 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/10/1 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/10/2 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/10/3 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/10/4 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/10/6 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/11/1 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/11/3 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/23/4 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/23/6 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/28/2 x_transferred
    http://www.openwall.com/lists/oss-security/2024/07/28/3 x_transferred
    https://archlinux.org/news/the-sshd-service-needs… x_transferred
    https://arstechnica.com/security/2024/07/regressh… x_transferred
    https://blog.qualys.com/vulnerabilities-threat-re… x_transferred
    https://explore.alas.aws.amazon.com/CVE-2024-6387.html x_transferred
    https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132 x_transferred
    https://ftp.netbsd.org/pub/NetBSD/security/adviso… x_transferred
    https://github.com/AlmaLinux/updates/issues/629 x_transferred
    https://github.com/Azure/AKS/issues/4379 x_transferred
    https://github.com/PowerShell/Win32-OpenSSH/discu… x_transferred
    https://github.com/PowerShell/Win32-OpenSSH/issues/2249 x_transferred
    https://github.com/microsoft/azurelinux/issues/9555 x_transferred
    https://github.com/openela-main/openssh/commit/e1… x_transferred
    https://github.com/oracle/oracle-linux/issues/149 x_transferred
    https://github.com/rapier1/hpn-ssh/issues/87 x_transferred
    https://github.com/zgzhang/cve-2024-6387-poc x_transferred
    https://lists.almalinux.org/archives/list/announc… x_transferred
    https://lists.mindrot.org/pipermail/openssh-unix-… x_transferred
    https://lists.mindrot.org/pipermail/openssh-unix-… x_transferred
    https://news.ycombinator.com/item?id=40843778 x_transferred
    https://psirt.global.sonicwall.com/vuln-detail/SN… x_transferred
    https://security-tracker.debian.org/tracker/CVE-2… x_transferred
    https://security.netapp.com/advisory/ntap-2024070… x_transferred
    https://sig-security.rocky.page/issues/CVE-2024-6387/ x_transferred
    https://stackdiary.com/openssh-race-condition-in-… x_transferred
    https://ubuntu.com/security/CVE-2024-6387 x_transferred
    https://ubuntu.com/security/notices/USN-6859-1 x_transferred
    https://www.akamai.com/blog/security-research/202… x_transferred
    https://www.arista.com/en/support/advisories-noti… x_transferred
    https://www.freebsd.org/security/advisories/FreeB… x_transferred
    https://www.splunk.com/en_us/blog/security/cve-20… x_transferred
    https://www.suse.com/security/cve/CVE-2024-6387.html x_transferred
    https://www.theregister.com/2024/07/01/regresshio… x_transferred
    https://support.apple.com/kb/HT214119 x_transferred
    https://support.apple.com/kb/HT214118 x_transferred
    https://support.apple.com/kb/HT214120 x_transferred
    http://seclists.org/fulldisclosure/2024/Jul/20 x_transferred
    http://seclists.org/fulldisclosure/2024/Jul/18 x_transferred
    http://seclists.org/fulldisclosure/2024/Jul/19 x_transferred
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    Impacted products
    Vendor Product Version
    Affected: 8.5p1 , ≤ 9.7p1 (custom)
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:8.7p1-38.el9_4.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:8.7p1-12.el9_0.1 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
        cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:8.7p1-30.el9_2.4 , < * (rpm)
        cpe:/o:redhat:rhel_eus:9.2::baseos
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 413.92.202407091321-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.13::el9
        cpe:/a:redhat:openshift:4.13::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202407091253-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.14::el8
        cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202407091355-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.15::el8
        cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 416.94.202407081958-0 , < * (rpm)
        cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 5     cpe:/a:redhat:ceph_storage:5
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 6     cpe:/a:redhat:ceph_storage:6
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 7     cpe:/a:redhat:ceph_storage:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Siemens Industrial Edge Management OS (IEM-OS) Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SINAMICS IIoT module Affected: 0 , < V1.0 HF1 (custom)
    Create a notification for this product.
    Siemens SINEMA Remote Connect Server Affected: 0 , < V3.2 SP2 (custom)
    Create a notification for this product.
    Siemens SINUMERIK ONE Affected: 0 , < V6.24 (custom)
    Create a notification for this product.
    Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Date Public
    2024-07-01 08:00
    Credits
    Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6387",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T13:18:34.695298Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T13:18:46.662Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-04-24T18:35:27.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387"
              },
              {
                "url": "https://www.exploit-db.com/exploits/52269"
              },
              {
                "url": "https://packetstorm.news/files/id/190587/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/01/12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/01/13"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/02/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/03/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/03/11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/03/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/03/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/03/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/03/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/04/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/04/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/08/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/08/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/09/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/09/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/10/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/10/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/10/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/10/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/10/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/11/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/11/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/23/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/23/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/28/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
              },
              {
                "name": "RHSA-2024:4312",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4312"
              },
              {
                "name": "RHSA-2024:4340",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4340"
              },
              {
                "name": "RHSA-2024:4389",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4389"
              },
              {
                "name": "RHSA-2024:4469",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4469"
              },
              {
                "name": "RHSA-2024:4474",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4474"
              },
              {
                "name": "RHSA-2024:4479",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4479"
              },
              {
                "name": "RHSA-2024:4484",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4484"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-6387"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server"
              },
              {
                "name": "RHBZ#2294604",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://explore.alas.aws.amazon.com/CVE-2024-6387.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forum.vmssoftware.com/viewtopic.php?f=8\u0026t=9132"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/AlmaLinux/updates/issues/629"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Azure/AKS/issues/4379"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/microsoft/azurelinux/issues/9555"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/oracle/oracle-linux/issues/149"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/rapier1/hpn-ssh/issues/87"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/zgzhang/cve-2024-6387-poc"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=40843778"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2024-6387"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240701-0001/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sig-security.rocky.page/issues/CVE-2024-6387/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/security/CVE-2024-6387"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/security/notices/USN-6859-1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssh.com/txt/release-9.8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.suse.com/security/cve/CVE-2024-6387.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.theregister.com/2024/07/01/regresshion_openssh/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214119"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214118"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "Industrial Edge Management OS (IEM-OS)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINAMICS IIoT module",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.0 HF1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEMA Remote Connect Server",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.2 SP2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINUMERIK ONE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T11:39:26.672Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-446545.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.openssh.com/",
              "defaultStatus": "unaffected",
              "packageName": "OpenSSH",
              "repo": "https://anongit.mindrot.org/openssh.git",
              "versions": [
                {
                  "lessThanOrEqual": "9.7p1",
                  "status": "affected",
                  "version": "8.5p1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.7p1-38.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.7p1-38.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream",
                "cpe:/o:redhat:rhel_e4s:9.0::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.7p1-12.el9_0.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_eus:9.2::baseos",
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.7p1-30.el9_2.4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.13::el9",
                "cpe:/a:redhat:openshift:4.13::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.13",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "413.92.202407091321-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.14::el8",
                "cpe:/a:redhat:openshift:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "414.92.202407091253-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.15::el8",
                "cpe:/a:redhat:openshift:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "415.92.202407091355-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "416.94.202407081958-0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:5"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Ceph Storage 5",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Ceph Storage 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Ceph Storage 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue."
            }
          ],
          "datePublic": "2024-07-01T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A security regression (CVE-2006-5051) was discovered in OpenSSH\u0027s server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-364",
                  "description": "Signal Handler Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T06:17:03.387Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:4312",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4312"
            },
            {
              "name": "RHSA-2024:4340",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4340"
            },
            {
              "name": "RHSA-2024:4389",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4389"
            },
            {
              "name": "RHSA-2024:4469",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4469"
            },
            {
              "name": "RHSA-2024:4474",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4474"
            },
            {
              "name": "RHSA-2024:4479",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4479"
            },
            {
              "name": "RHSA-2024:4484",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4484"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-6387"
            },
            {
              "name": "RHBZ#2294604",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604"
            },
            {
              "url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"
            },
            {
              "url": "https://www.openssh.com/txt/release-9.8"
            },
            {
              "url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-27T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-07-01T08:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openssh: regresshion - race condition in ssh allows rce/dos",
          "workarounds": [
            {
              "lang": "en",
              "value": "The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~\n\nSetting LoginGraceTime to 0 disables the SSHD server\u0027s ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like \u0027fail2ban\u0027 alongside a firewall to monitor log files and manage connections appropriately.\n\nIf any of the mitigations mentioned above is used, please note that the removal of LoginGraceTime parameter from sshd_config is not automatic when the updated package is installed."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-364: Signal Handler Race Condition"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-6387",
        "datePublished": "2024-07-01T12:37:25.431Z",
        "dateReserved": "2024-06-27T13:41:03.421Z",
        "dateUpdated": "2026-05-12T11:39:26.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-26733 (GCVE-0-2024-26733)

    Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2026-05-11 20:03
    VLAI
    Title
    arp: Prevent overflow in arp_req_get().
    Summary
    In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the memcpy(), so it's not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN), arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling arp_req_get(). To avoid the overflow, let's limit the max length of memcpy(). Note that commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible array in struct sockaddr") just silenced syzkaller. [0]: memcpy: detected field-spanning write (size 16) of single field "r->arp_ha.sa_data" at net/ipv4/arp.c:1128 (size 14) WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Modules linked in: CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001 RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010 FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261 inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204 sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d RDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003 RBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000 </TASK>
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 97eaa2955db4120ce6ec2ef123e860bc32232c50 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f119f2325ba70cbfdec701000dcad4d88805d5b0 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a3f2c083cb575d80a7627baf3339e78fedccbb91 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a7d6027790acea24446ddd6632d394096c0f4667 (git)
    Create a notification for this product.
    Linux Linux Affected: 2.6.12
    Unaffected: 0 , < 2.6.12 (semver)
    Unaffected: 5.10.211 , ≤ 5.10.* (semver)
    Unaffected: 5.15.150 , ≤ 5.15.* (semver)
    Unaffected: 6.1.80 , ≤ 6.1.* (semver)
    Unaffected: 6.6.19 , ≤ 6.6.* (semver)
    Unaffected: 6.7.7 , ≤ 6.7.* (semver)
    Unaffected: 6.8 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-11-01T17:03:11.240Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241101-0013/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26733",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T15:52:00.464269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-11T17:33:20.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "net/ipv4/arp.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "97eaa2955db4120ce6ec2ef123e860bc32232c50",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "f119f2325ba70cbfdec701000dcad4d88805d5b0",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "a3f2c083cb575d80a7627baf3339e78fedccbb91",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "a7d6027790acea24446ddd6632d394096c0f4667",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "net/ipv4/arp.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.12"
                },
                {
                  "lessThan": "2.6.12",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.211",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.150",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.80",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.19",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.7.*",
                  "status": "unaffected",
                  "version": "6.7.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "6.8",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.211",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.150",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.80",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.19",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.7",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: Prevent overflow in arp_req_get().\n\nsyzkaller reported an overflown write in arp_req_get(). [0]\n\nWhen ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour\nentry and copies neigh-\u003eha to struct arpreq.arp_ha.sa_data.\n\nThe arp_ha here is struct sockaddr, not struct sockaddr_storage, so\nthe sa_data buffer is just 14 bytes.\n\nIn the splat below, 2 bytes are overflown to the next int field,\narp_flags.  We initialise the field just after the memcpy(), so it\u0027s\nnot a problem.\n\nHowever, when dev-\u003eaddr_len is greater than 22 (e.g. MAX_ADDR_LEN),\narp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL)\nin arp_ioctl() before calling arp_req_get().\n\nTo avoid the overflow, let\u0027s limit the max length of memcpy().\n\nNote that commit b5f0de6df6dc (\"net: dev: Convert sa_data to flexible\narray in struct sockaddr\") just silenced syzkaller.\n\n[0]:\nmemcpy: detected field-spanning write (size 16) of single field \"r-\u003earp_ha.sa_data\" at net/ipv4/arp.c:1128 (size 14)\nWARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nModules linked in:\nCPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014\nRIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nCode: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb \u003c0f\u003e 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6\nRSP: 0018:ffffc900050b7998 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001\nRBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000\nR13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010\nFS:  00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261\n inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981\n sock_do_ioctl+0xdf/0x260 net/socket.c:1204\n sock_ioctl+0x3ef/0x650 net/socket.c:1321\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x64/0xce\nRIP: 0033:0x7f172b262b8d\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d\nRDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003\nRBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000\n \u003c/TASK\u003e"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:03:05.779Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587"
            },
            {
              "url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50"
            },
            {
              "url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0"
            },
            {
              "url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91"
            },
            {
              "url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a"
            },
            {
              "url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667"
            }
          ],
          "title": "arp: Prevent overflow in arp_req_get().",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2024-26733",
        "datePublished": "2024-04-03T17:00:20.437Z",
        "dateReserved": "2024-02-19T14:20:24.165Z",
        "dateUpdated": "2026-05-11T20:03:05.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-1077 (GCVE-0-2023-1077)

    Vulnerability from cvelistv5 – Published: 2023-03-27 00:00 – Updated: 2024-08-02 05:32
    VLAI
    Summary
    In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a Linux kernel Affected: unknown
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:46.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97"
              },
              {
                "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230511-0002/"
              },
              {
                "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Linux kernel",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "unknown"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-11T19:06:55.294Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97"
            },
            {
              "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230511-0002/"
            },
            {
              "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-1077",
        "datePublished": "2023-03-27T00:00:00.000Z",
        "dateReserved": "2023-02-27T00:00:00.000Z",
        "dateUpdated": "2024-08-02T05:32:46.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36879 (GCVE-0-2022-36879)

    Vulnerability from cvelistv5 – Published: 2022-07-27 03:27 – Updated: 2025-05-05 16:13
    VLAI
    Summary
    An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • NVD-CWE-Other
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:14:29.394Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901"
              },
              {
                "name": "DSA-5207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5207"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
              },
              {
                "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
              },
              {
                "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36879",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:20:30.313688Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "NVD-CWE-Other",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:13:47.182Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-02T18:06:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901"
            },
            {
              "name": "DSA-5207",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5207"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
            },
            {
              "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-36879",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901"
                },
                {
                  "name": "DSA-5207",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5207"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220901-0007/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
                },
                {
                  "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
                },
                {
                  "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-36879",
        "datePublished": "2022-07-27T03:27:41.000Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:13:47.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1473 (GCVE-0-2022-1473)

    Vulnerability from cvelistv5 – Published: 2022-05-03 15:15 – Updated: 2025-05-05 16:42
    VLAI
    Title
    Resource leakage when decoding certificates and keys
    Summary
    The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-459 - Incomplete Cleanup
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)
    Create a notification for this product.
    Date Public
    2022-05-03 00:00
    Credits
    Aliaksei Levin
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20220503.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
              },
              {
                "name": "GLSA-202210-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202210-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1473",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:27:10.537811Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-459",
                    "description": "CWE-459 Incomplete Cleanup",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:42:05.402Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Aliaksei Levin"
            }
          ],
          "datePublic": "2022-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Low",
                  "value": "Low"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-14T00:00:00.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20220503.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
            },
            {
              "name": "GLSA-202210-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202210-02"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
            }
          ],
          "title": "Resource leakage when decoding certificates and keys"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2022-1473",
        "datePublished": "2022-05-03T15:15:25.051Z",
        "dateReserved": "2022-04-26T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:42:05.402Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1434 (GCVE-0-2022-1434)

    Vulnerability from cvelistv5 – Published: 2022-05-03 15:15 – Updated: 2024-09-17 04:19
    VLAI
    Title
    Incorrect MAC key used in the RC4-MD5 ciphersuite
    Summary
    The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
    Severity
    No CVSS data available.
    CWE
    • Incorrect MAC key
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)
    Create a notification for this product.
    Date Public
    2022-05-03 00:00
    Credits
    Tom Colley (Broadcom)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.246Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20220503.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7d56a74a96828985db7354a55227a511615f732b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tom Colley (Broadcom)"
            }
          ],
          "datePublic": "2022-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Low",
                  "value": "Low"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect MAC key",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-14T00:00:00.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20220503.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7d56a74a96828985db7354a55227a511615f732b"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
            }
          ],
          "title": "Incorrect MAC key used in the RC4-MD5 ciphersuite"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2022-1434",
        "datePublished": "2022-05-03T15:15:23.387Z",
        "dateReserved": "2022-04-22T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:19:38.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1343 (GCVE-0-2022-1343)

    Vulnerability from cvelistv5 – Published: 2022-05-03 15:15 – Updated: 2025-05-05 16:42
    VLAI
    Title
    OCSP_basic_verify may incorrectly verify the response signing certificate
    Summary
    The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Incorrect signature verfication
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)
    Create a notification for this product.
    Date Public
    2022-05-03 00:00
    Credits
    Raul Metsma
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:05.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20220503.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1343",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:27:12.804295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:42:39.898Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Raul Metsma"
            }
          ],
          "datePublic": "2022-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL \"ocsp\" application. When verifying an ocsp response with the \"-no_cert_checks\" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
                  "value": "Moderate"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect signature verfication",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-14T00:00:00.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20220503.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
            }
          ],
          "title": "OCSP_basic_verify may incorrectly verify the response signing certificate"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2022-1343",
        "datePublished": "2022-05-03T15:15:21.496Z",
        "dateReserved": "2022-04-13T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:42:39.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1292 (GCVE-0-2022-1292)

    Vulnerability from cvelistv5 – Published: 2022-05-03 15:15 – Updated: 2025-12-30 04:55
    VLAI
    Title
    The c_rehash script allows command injection
    Summary
    The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Command injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)
    Affected: Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n)
    Affected: Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd)
    Create a notification for this product.
    Date Public
    2022-05-03 00:00
    Credits
    Elison Niven (Sophos)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-08-13T14:06:18.130Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://gitlab.com/fraf0/cve-2022-1292-re_score-analysis"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20220503.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb"
              },
              {
                "name": "[debian-lts-announce] 20220515 [SECURITY] [DLA 3008-1] openssl security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html"
              },
              {
                "name": "DSA-5139",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5139"
              },
              {
                "name": "FEDORA-2022-b651cb69e6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/"
              },
              {
                "name": "FEDORA-2022-c9c02865f6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
              },
              {
                "name": "GLSA-202210-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202210-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1292",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-07-21T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T04:55:25.734Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)"
                },
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n)"
                },
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Elison Niven (Sophos)"
            }
          ],
          "datePublic": "2022-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
                  "value": "Moderate"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-14T00:00:00.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20220503.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb"
            },
            {
              "name": "[debian-lts-announce] 20220515 [SECURITY] [DLA 3008-1] openssl security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html"
            },
            {
              "name": "DSA-5139",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5139"
            },
            {
              "name": "FEDORA-2022-b651cb69e6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/"
            },
            {
              "name": "FEDORA-2022-c9c02865f6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
            },
            {
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
            },
            {
              "name": "GLSA-202210-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202210-02"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
            }
          ],
          "title": "The c_rehash script allows command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2022-1292",
        "datePublished": "2022-05-03T15:15:19.758Z",
        "dateReserved": "2022-04-11T00:00:00.000Z",
        "dateUpdated": "2025-12-30T04:55:25.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-4203 (GCVE-0-2021-4203)

    Vulnerability from cvelistv5 – Published: 2022-03-25 00:00 – Updated: 2024-08-03 17:16
    VLAI
    Summary
    A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a kernel Affected: kernel 5.15 rc4
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20221111-0003/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "kernel 5.15 rc4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362-\u003eCWE-416",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-14T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934"
            },
            {
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1"
            },
            {
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814"
            },
            {
              "url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20221111-0003/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-4203",
        "datePublished": "2022-03-25T00:00:00.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35508 (GCVE-0-2020-35508)

    Vulnerability from cvelistv5 – Published: 2021-03-26 16:45 – Updated: 2024-08-04 17:02
    VLAI
    Summary
    A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a kernel Affected: kernel 5.12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:02:08.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210513-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "kernel 5.12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-13T20:06:08.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210513-0006/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-35508",
        "datePublished": "2021-03-26T16:45:18.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:02:08.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29660 (GCVE-0-2020-29660)

    Vulnerability from cvelistv5 – Published: 2020-12-09 16:57 – Updated: 2024-08-04 16:55
    VLAI
    Summary
    A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:10.725Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
              },
              {
                "name": "[oss-security] 20201210 2 kernel issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
              },
              {
                "name": "FEDORA-2020-b732958765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
              },
              {
                "name": "FEDORA-2020-bc0cc81a7a",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
              },
              {
                "name": "DSA-4843",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4843"
              },
              {
                "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
              },
              {
                "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-12T18:06:12.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
            },
            {
              "name": "[oss-security] 20201210 2 kernel issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
            },
            {
              "name": "FEDORA-2020-b732958765",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
            },
            {
              "name": "FEDORA-2020-bc0cc81a7a",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
            },
            {
              "name": "DSA-4843",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4843"
            },
            {
              "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
            },
            {
              "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-29660",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
                },
                {
                  "name": "[oss-security] 20201210 2 kernel issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
                },
                {
                  "name": "FEDORA-2020-b732958765",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
                },
                {
                  "name": "FEDORA-2020-bc0cc81a7a",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210122-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
                },
                {
                  "name": "DSA-4843",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4843"
                },
                {
                  "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
                },
                {
                  "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-29660",
        "datePublished": "2020-12-09T16:57:56.000Z",
        "dateReserved": "2020-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:55:10.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29661 (GCVE-0-2020-29661)

    Vulnerability from cvelistv5 – Published: 2020-12-09 16:57 – Updated: 2024-08-04 16:55
    VLAI
    Summary
    A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:10.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
              },
              {
                "name": "[oss-security] 20201210 2 kernel issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
              },
              {
                "name": "FEDORA-2020-b732958765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
              },
              {
                "name": "FEDORA-2020-bc0cc81a7a",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
              },
              {
                "name": "DSA-4843",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4843"
              },
              {
                "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
              },
              {
                "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-12T18:06:14.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
            },
            {
              "name": "[oss-security] 20201210 2 kernel issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
            },
            {
              "name": "FEDORA-2020-b732958765",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
            },
            {
              "name": "FEDORA-2020-bc0cc81a7a",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
            },
            {
              "name": "DSA-4843",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4843"
            },
            {
              "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
            },
            {
              "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-29661",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
                },
                {
                  "name": "[oss-security] 20201210 2 kernel issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
                },
                {
                  "name": "FEDORA-2020-b732958765",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
                },
                {
                  "name": "FEDORA-2020-bc0cc81a7a",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
                },
                {
                  "name": "DSA-4843",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4843"
                },
                {
                  "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
                },
                {
                  "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210122-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-29661",
        "datePublished": "2020-12-09T16:57:41.000Z",
        "dateReserved": "2020-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:55:10.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-15436 (GCVE-0-2020-15436)

    Vulnerability from cvelistv5 – Published: 2020-11-23 20:08 – Updated: 2024-08-04 13:15
    VLAI
    Summary
    Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
    Severity
    No CVSS data available.
    CWE
    • Use After Free
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a linux kernel Affected: 5.7 (verified), possibly others 4.18
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:15:20.795Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lkml.org/lkml/2020/6/7/379"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20201218-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "linux kernel",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.7 (verified), possibly others 4.18"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-18T10:06:18.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lkml.org/lkml/2020/6/7/379"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20201218-0002/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securities@openeuler.org",
              "ID": "CVE-2020-15436",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "linux kernel",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.7 (verified), possibly others 4.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use After Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lkml.org/lkml/2020/6/7/379",
                  "refsource": "MISC",
                  "url": "https://lkml.org/lkml/2020/6/7/379"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20201218-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20201218-0002/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2020-15436",
        "datePublished": "2020-11-23T20:08:17.000Z",
        "dateReserved": "2020-06-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:15:20.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-15778 (GCVE-0-2020-15778)

    Vulnerability from cvelistv5 – Published: 2020-07-24 00:00 – Updated: 2024-08-04 13:22 Disputed
    VLAI
    Summary
    scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    openbsd openssh Affected: 0 , ≤ 8.3p1 (custom)
        cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "openssh",
                "vendor": "openbsd",
                "versions": [
                  {
                    "lessThanOrEqual": "8.3p1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-15778",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T14:59:02.714297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:18.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:22:30.831Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssh.com/security.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cpandya2909/CVE-2020-15778/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200731-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=25005567"
              },
              {
                "name": "GLSA-202212-06",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202212-06"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-04T16:53:15.270Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.openssh.com/security.html"
            },
            {
              "url": "https://github.com/cpandya2909/CVE-2020-15778/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20200731-0007/"
            },
            {
              "url": "https://news.ycombinator.com/item?id=25005567"
            },
            {
              "name": "GLSA-202212-06",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202212-06"
            },
            {
              "url": "https://access.redhat.com/errata/RHSA-2024:3166"
            }
          ],
          "tags": [
            "disputed"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-15778",
        "datePublished": "2020-07-24T00:00:00.000Z",
        "dateReserved": "2020-07-15T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:22:30.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13143 (GCVE-0-2020-13143)

    Vulnerability from cvelistv5 – Published: 2020-05-18 17:50 – Updated: 2024-08-04 12:11
    VLAI
    Summary
    gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://git.kernel.org/pub/scm/linux/kernel/git/t… x_refsource_MISC
    https://www.spinics.net/lists/linux-usb/msg194331.html x_refsource_MISC
    https://security.netapp.com/advisory/ntap-2020060… x_refsource_CONFIRM
    https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2020/dsa-4698 vendor-advisoryx_refsource_DEBIAN
    https://www.debian.org/security/2020/dsa-4699 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://usn.ubuntu.com/4413-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4411-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4412-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4419-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4414-1/ vendor-advisoryx_refsource_UBUNTU
    https://git.kernel.org/pub/scm/linux/kernel/git/t… x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:19.057Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
              },
              {
                "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
              },
              {
                "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
              },
              {
                "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
              },
              {
                "name": "DSA-4698",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4698"
              },
              {
                "name": "DSA-4699",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4699"
              },
              {
                "name": "openSUSE-SU-2020:0801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
              },
              {
                "name": "openSUSE-SU-2020:0935",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
              },
              {
                "name": "USN-4413-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4413-1/"
              },
              {
                "name": "USN-4411-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4411-1/"
              },
              {
                "name": "USN-4412-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4412-1/"
              },
              {
                "name": "USN-4419-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4419-1/"
              },
              {
                "name": "USN-4414-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4414-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal \u0027\\0\u0027 value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-04T22:50:50.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "DSA-4698",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4698"
            },
            {
              "name": "DSA-4699",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4699"
            },
            {
              "name": "openSUSE-SU-2020:0801",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
            },
            {
              "name": "openSUSE-SU-2020:0935",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
            },
            {
              "name": "USN-4413-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4413-1/"
            },
            {
              "name": "USN-4411-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4411-1/"
            },
            {
              "name": "USN-4412-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4412-1/"
            },
            {
              "name": "USN-4419-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4419-1/"
            },
            {
              "name": "USN-4414-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4414-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-13143",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal \u0027\\0\u0027 value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
                },
                {
                  "name": "https://www.spinics.net/lists/linux-usb/msg194331.html",
                  "refsource": "MISC",
                  "url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
                },
                {
                  "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
                },
                {
                  "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
                },
                {
                  "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
                },
                {
                  "name": "DSA-4698",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4698"
                },
                {
                  "name": "DSA-4699",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4699"
                },
                {
                  "name": "openSUSE-SU-2020:0801",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
                },
                {
                  "name": "openSUSE-SU-2020:0935",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
                },
                {
                  "name": "USN-4413-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4413-1/"
                },
                {
                  "name": "USN-4411-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4411-1/"
                },
                {
                  "name": "USN-4412-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4412-1/"
                },
                {
                  "name": "USN-4419-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4419-1/"
                },
                {
                  "name": "USN-4414-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4414-1/"
                },
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-13143",
        "datePublished": "2020-05-18T17:50:53.000Z",
        "dateReserved": "2020-05-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:11:19.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }