Search criteria
68 vulnerabilities found for hci_compute_node_firmware by netapp
CVE-2025-24014 (GCVE-0-2025-24014)
Vulnerability from nvd – Published: 2025-01-20 22:53 – Updated: 2025-03-14 10:03
VLAI?
Title
segmentation fault in win_line() in Vim < 9.1.1043
Summary
Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.
Severity ?
4.2 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-03-14T10:03:09.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/20/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/21/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T14:42:41.237005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T14:42:50.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.1.1043"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn\u0027t show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn\u0027t been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-20T22:53:14.325Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955"
},
{
"name": "https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919"
}
],
"source": {
"advisory": "GHSA-j3g9-wg22-v955",
"discovery": "UNKNOWN"
},
"title": "segmentation fault in win_line() in Vim \u003c 9.1.1043"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24014",
"datePublished": "2025-01-20T22:53:14.325Z",
"dateReserved": "2025-01-16T17:31:06.458Z",
"dateUpdated": "2025-03-14T10:03:09.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43680 (GCVE-0-2022-43680)
Vulnerability from nvd – Published: 2022-10-24 00:00 – Updated: 2025-05-30 19:20
VLAI?
Summary
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:06.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/650"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/issues/649"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/616"
},
{
"name": "[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html"
},
{
"name": "DSA-5266",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5266"
},
{
"name": "GLSA-202210-38",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-38"
},
{
"name": "FEDORA-2022-ae2559a8f4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/"
},
{
"name": "FEDORA-2022-3cf0e7ebc7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/"
},
{
"name": "FEDORA-2022-f3a939e960",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/"
},
{
"name": "FEDORA-2022-5f1e2e9016",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/"
},
{
"name": "FEDORA-2022-49db80f821",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/"
},
{
"name": "FEDORA-2022-c43235716e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0007/"
},
{
"name": "[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/28/5"
},
{
"name": "[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/03/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T19:19:46.789242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T19:20:52.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-03T12:06:22.913Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libexpat/libexpat/pull/650"
},
{
"url": "https://github.com/libexpat/libexpat/issues/649"
},
{
"url": "https://github.com/libexpat/libexpat/pull/616"
},
{
"name": "[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html"
},
{
"name": "DSA-5266",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5266"
},
{
"name": "GLSA-202210-38",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-38"
},
{
"name": "FEDORA-2022-ae2559a8f4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/"
},
{
"name": "FEDORA-2022-3cf0e7ebc7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/"
},
{
"name": "FEDORA-2022-f3a939e960",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/"
},
{
"name": "FEDORA-2022-5f1e2e9016",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/"
},
{
"name": "FEDORA-2022-49db80f821",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/"
},
{
"name": "FEDORA-2022-c43235716e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221118-0007/"
},
{
"name": "[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/28/5"
},
{
"name": "[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/03/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-43680",
"datePublished": "2022-10-24T00:00:00.000Z",
"dateReserved": "2022-10-24T00:00:00.000Z",
"dateUpdated": "2025-05-30T19:20:52.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27778 (GCVE-0-2022-27778)
Vulnerability from nvd – Published: 2022-06-01 19:03 – Updated: 2024-08-03 05:32
VLAI?
Summary
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
Severity ?
No CVSS data available.
CWE
- CWE-706 - Use of Incorrectly-Resolved Name or Reference (CWE-706)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
fixed in 7.83.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1553598"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "fixed in 7.83.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "Use of Incorrectly-Resolved Name or Reference (CWE-706)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-29T19:09:59",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1553598"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2022-27778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "fixed in 7.83.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Incorrectly-Resolved Name or Reference (CWE-706)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1553598",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1553598"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220609-0009/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220729-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-27778",
"datePublished": "2022-06-01T19:03:32",
"dateReserved": "2022-03-23T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21434 (GCVE-0-2022-21434)
Vulnerability from nvd – Published: 2022-04-19 20:37 – Updated: 2024-08-03 02:38
VLAI?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Severity ?
5.3 (Medium)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Affected:
Oracle Java SE:7u331
Affected: Oracle Java SE:8u321 Affected: Oracle Java SE:11.0.14 Affected: Oracle Java SE:17.0.2 Affected: Oracle Java SE:18 Affected: Oracle GraalVM Enterprise Edition:20.3.5 Affected: Oracle GraalVM Enterprise Edition:21.3.1 Affected: Oracle GraalVM Enterprise Edition:22.0.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21434",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T19:51:37.654803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T19:51:53.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:38:56.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:7u331"
},
{
"status": "affected",
"version": "Oracle Java SE:8u321"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.14"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.2"
},
{
"status": "affected",
"version": "Oracle Java SE:18"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:06:18.947256",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21434",
"datePublished": "2022-04-19T20:37:18",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-08-03T02:38:56.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21426 (GCVE-0-2022-21426)
Vulnerability from nvd – Published: 2022-04-19 20:37 – Updated: 2024-09-24 20:12
VLAI?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Severity ?
5.3 (Medium)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Affected:
Oracle Java SE:7u331
Affected: Oracle Java SE:8u321 Affected: Oracle Java SE:11.0.14 Affected: Oracle Java SE:17.0.2 Affected: Oracle Java SE:18 Affected: Oracle GraalVM Enterprise Edition:20.3.5 Affected: Oracle GraalVM Enterprise Edition:21.3.1 Affected: Oracle GraalVM Enterprise Edition:22.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:38:56.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T17:35:39.893746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:12:08.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:7u331"
},
{
"status": "affected",
"version": "Oracle Java SE:8u321"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.14"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.2"
},
{
"status": "affected",
"version": "Oracle Java SE:18"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-14T11:06:07",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java SE JDK and JRE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Oracle Java SE:7u331"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:8u321"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:11.0.14"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:17.0.2"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:18"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:20.3.5"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:21.3.1"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:22.0.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21426",
"datePublished": "2022-04-19T20:37:11",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T20:12:08.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28893 (GCVE-0-2022-28893)
Vulnerability from nvd – Published: 2022-04-11 04:15 – Updated: 2024-08-03 06:10
VLAI?
Summary
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:56.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/4"
},
{
"name": "[oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/3"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220526-0002/"
},
{
"name": "DSA-5161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T10:06:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/4"
},
{
"name": "[oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/3"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220526-0002/"
},
{
"name": "DSA-5161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/4"
},
{
"name": "[oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/3"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/5"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220526-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220526-0002/"
},
{
"name": "DSA-5161",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5161"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28893",
"datePublished": "2022-04-11T04:15:06",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-08-03T06:10:56.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28796 (GCVE-0-2022-28796)
Vulnerability from nvd – Published: 2022-04-08 04:11 – Updated: 2024-08-03 06:03
VLAI?
Summary
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220506-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T13:06:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220506-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1"
},
{
"name": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220506-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220506-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28796",
"datePublished": "2022-04-08T04:11:51",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:52.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3733 (GCVE-0-2021-3733)
Vulnerability from nvd – Published: 2022-03-07 00:00 – Updated: 2025-11-03 21:45
VLAI?
Summary
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
Severity ?
No CVSS data available.
CWE
- CWE-400 - - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:06.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue43075"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/24391"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-3733"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220407-0001/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in python v3.6.14, python v3.7.11, python v3.8.10, python v3.9.5."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in urllib\u0027s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 - Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.python.org/issue43075"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234"
},
{
"url": "https://github.com/python/cpython/pull/24391"
},
{
"url": "https://ubuntu.com/security/CVE-2021-3733"
},
{
"url": "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220407-0001/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3733",
"datePublished": "2022-03-07T00:00:00.000Z",
"dateReserved": "2021-08-23T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:06.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-20322 (GCVE-0-2021-20322)
Vulnerability from nvd – Published: 2022-02-18 17:50 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220303-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.15-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:24:33",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220303-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.15-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220303-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220303-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20322",
"datePublished": "2022-02-18T17:50:45",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45485 (GCVE-0-2021-45485)
Vulnerability from nvd – Published: 2021-12-25 01:05 – Updated: 2024-08-04 04:39
VLAI?
Summary
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:21.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arxiv.org/pdf/2112.09604.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220121-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn\u0027t properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:42:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arxiv.org/pdf/2112.09604.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220121-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn\u0027t properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3"
},
{
"name": "https://arxiv.org/pdf/2112.09604.pdf",
"refsource": "MISC",
"url": "https://arxiv.org/pdf/2112.09604.pdf"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220121-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220121-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45485",
"datePublished": "2021-12-25T01:05:07",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:39:21.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22901 (GCVE-0-2021-22901)
Vulnerability from nvd – Published: 2021-06-11 15:49 – Updated: 2024-08-03 18:58
VLAI?
Summary
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use After Free (CWE-416)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
7.75.0 through 7.76.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:25.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1180380"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2021-22901.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.75.0 through 7.76.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-10T11:06:06",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1180380"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.se/docs/CVE-2021-22901.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "7.75.0 through 7.76.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free (CWE-416)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1180380",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1180380"
},
{
"name": "https://curl.se/docs/CVE-2021-22901.html",
"refsource": "MISC",
"url": "https://curl.se/docs/CVE-2021-22901.html"
},
{
"name": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"refsource": "MISC",
"url": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210723-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210727-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22901",
"datePublished": "2021-06-11T15:49:38",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:25.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22897 (GCVE-0-2021-22897)
Vulnerability from nvd – Published: 2021-06-11 15:49 – Updated: 2024-08-03 18:58
VLAI?
Summary
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
Severity ?
No CVSS data available.
CWE
- CWE-840 - Business Logic Errors (CWE-840)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
7.61.0 through 7.76.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:24.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1172857"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2021-22897.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.61.0 through 7.76.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "Business Logic Errors (CWE-840)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:53:46",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1172857"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.se/docs/CVE-2021-22897.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "7.61.0 through 7.76.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Business Logic Errors (CWE-840)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1172857",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1172857"
},
{
"name": "https://curl.se/docs/CVE-2021-22897.html",
"refsource": "MISC",
"url": "https://curl.se/docs/CVE-2021-22897.html"
},
{
"name": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511",
"refsource": "MISC",
"url": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210727-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22897",
"datePublished": "2021-06-11T15:49:38",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:24.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28041 (GCVE-0-2021-28041)
Vulnerability from nvd – Published: 2021-03-05 19:07 – Updated: 2024-08-03 21:33
VLAI?
Summary
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/03/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-8.5"
},
{
"name": "FEDORA-2021-f68a5a75ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/"
},
{
"name": "GLSA-202105-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"name": "FEDORA-2021-1d3698089d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:56:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/03/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openssh.com/txt/release-8.5"
},
{
"name": "FEDORA-2021-f68a5a75ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/"
},
{
"name": "GLSA-202105-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"name": "FEDORA-2021-1d3698089d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openssh.com/security.html",
"refsource": "MISC",
"url": "https://www.openssh.com/security.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/03/03/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/03/03/1"
},
{
"name": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db"
},
{
"name": "https://www.openssh.com/txt/release-8.5",
"refsource": "MISC",
"url": "https://www.openssh.com/txt/release-8.5"
},
{
"name": "FEDORA-2021-f68a5a75ba",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/"
},
{
"name": "GLSA-202105-35",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"name": "FEDORA-2021-1d3698089d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210416-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210416-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28041",
"datePublished": "2021-03-05T19:07:34",
"dateReserved": "2021-03-05T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35507 (GCVE-0-2020-35507)
Vulnerability from nvd – Published: 2021-01-04 14:24 – Updated: 2024-08-04 17:02
VLAI?
Summary
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "binutils",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "binutils 2.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-10T04:06:32",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.34"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There\u0027s a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35507",
"datePublished": "2021-01-04T14:24:56",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35496 (GCVE-0-2020-35496)
Vulnerability from nvd – Published: 2021-01-04 14:24 – Updated: 2024-08-04 17:02
VLAI?
Summary
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911444"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "binutils",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "binutils 2.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-10T04:06:58",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911444"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.34"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There\u0027s a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911444",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911444"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35496",
"datePublished": "2021-01-04T14:24:21",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35495 (GCVE-0-2020-35495)
Vulnerability from nvd – Published: 2021-01-04 14:23 – Updated: 2024-08-04 17:02
VLAI?
Summary
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911441"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "binutils",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "binutils 2.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-10T04:06:55",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911441"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.34"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There\u0027s a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911441",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911441"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35495",
"datePublished": "2021-01-04T14:23:52",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35494 (GCVE-0-2020-35494)
Vulnerability from nvd – Published: 2021-01-04 14:23 – Updated: 2024-08-04 17:02
VLAI?
Summary
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911439"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "binutils",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "binutils 2.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-10T04:06:34",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911439"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.34"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There\u0027s a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-908"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911439",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911439"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35494",
"datePublished": "2021-01-04T14:23:23",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24014 (GCVE-0-2025-24014)
Vulnerability from cvelistv5 – Published: 2025-01-20 22:53 – Updated: 2025-03-14 10:03
VLAI?
Title
segmentation fault in win_line() in Vim < 9.1.1043
Summary
Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.
Severity ?
4.2 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-03-14T10:03:09.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/20/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/21/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T14:42:41.237005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T14:42:50.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.1.1043"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn\u0027t show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn\u0027t been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-20T22:53:14.325Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955"
},
{
"name": "https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919"
}
],
"source": {
"advisory": "GHSA-j3g9-wg22-v955",
"discovery": "UNKNOWN"
},
"title": "segmentation fault in win_line() in Vim \u003c 9.1.1043"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24014",
"datePublished": "2025-01-20T22:53:14.325Z",
"dateReserved": "2025-01-16T17:31:06.458Z",
"dateUpdated": "2025-03-14T10:03:09.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43680 (GCVE-0-2022-43680)
Vulnerability from cvelistv5 – Published: 2022-10-24 00:00 – Updated: 2025-05-30 19:20
VLAI?
Summary
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:06.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/650"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/issues/649"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/616"
},
{
"name": "[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html"
},
{
"name": "DSA-5266",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5266"
},
{
"name": "GLSA-202210-38",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-38"
},
{
"name": "FEDORA-2022-ae2559a8f4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/"
},
{
"name": "FEDORA-2022-3cf0e7ebc7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/"
},
{
"name": "FEDORA-2022-f3a939e960",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/"
},
{
"name": "FEDORA-2022-5f1e2e9016",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/"
},
{
"name": "FEDORA-2022-49db80f821",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/"
},
{
"name": "FEDORA-2022-c43235716e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0007/"
},
{
"name": "[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/28/5"
},
{
"name": "[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/03/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T19:19:46.789242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T19:20:52.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-03T12:06:22.913Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libexpat/libexpat/pull/650"
},
{
"url": "https://github.com/libexpat/libexpat/issues/649"
},
{
"url": "https://github.com/libexpat/libexpat/pull/616"
},
{
"name": "[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html"
},
{
"name": "DSA-5266",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5266"
},
{
"name": "GLSA-202210-38",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-38"
},
{
"name": "FEDORA-2022-ae2559a8f4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/"
},
{
"name": "FEDORA-2022-3cf0e7ebc7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/"
},
{
"name": "FEDORA-2022-f3a939e960",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/"
},
{
"name": "FEDORA-2022-5f1e2e9016",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/"
},
{
"name": "FEDORA-2022-49db80f821",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/"
},
{
"name": "FEDORA-2022-c43235716e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221118-0007/"
},
{
"name": "[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/28/5"
},
{
"name": "[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/03/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-43680",
"datePublished": "2022-10-24T00:00:00.000Z",
"dateReserved": "2022-10-24T00:00:00.000Z",
"dateUpdated": "2025-05-30T19:20:52.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27778 (GCVE-0-2022-27778)
Vulnerability from cvelistv5 – Published: 2022-06-01 19:03 – Updated: 2024-08-03 05:32
VLAI?
Summary
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
Severity ?
No CVSS data available.
CWE
- CWE-706 - Use of Incorrectly-Resolved Name or Reference (CWE-706)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
fixed in 7.83.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1553598"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "fixed in 7.83.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "Use of Incorrectly-Resolved Name or Reference (CWE-706)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-29T19:09:59",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1553598"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2022-27778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "fixed in 7.83.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Incorrectly-Resolved Name or Reference (CWE-706)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1553598",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1553598"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220609-0009/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220729-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-27778",
"datePublished": "2022-06-01T19:03:32",
"dateReserved": "2022-03-23T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21434 (GCVE-0-2022-21434)
Vulnerability from cvelistv5 – Published: 2022-04-19 20:37 – Updated: 2024-08-03 02:38
VLAI?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Severity ?
5.3 (Medium)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Affected:
Oracle Java SE:7u331
Affected: Oracle Java SE:8u321 Affected: Oracle Java SE:11.0.14 Affected: Oracle Java SE:17.0.2 Affected: Oracle Java SE:18 Affected: Oracle GraalVM Enterprise Edition:20.3.5 Affected: Oracle GraalVM Enterprise Edition:21.3.1 Affected: Oracle GraalVM Enterprise Edition:22.0.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21434",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T19:51:37.654803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T19:51:53.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:38:56.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:7u331"
},
{
"status": "affected",
"version": "Oracle Java SE:8u321"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.14"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.2"
},
{
"status": "affected",
"version": "Oracle Java SE:18"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:06:18.947256",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21434",
"datePublished": "2022-04-19T20:37:18",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-08-03T02:38:56.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21426 (GCVE-0-2022-21426)
Vulnerability from cvelistv5 – Published: 2022-04-19 20:37 – Updated: 2024-09-24 20:12
VLAI?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Severity ?
5.3 (Medium)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Affected:
Oracle Java SE:7u331
Affected: Oracle Java SE:8u321 Affected: Oracle Java SE:11.0.14 Affected: Oracle Java SE:17.0.2 Affected: Oracle Java SE:18 Affected: Oracle GraalVM Enterprise Edition:20.3.5 Affected: Oracle GraalVM Enterprise Edition:21.3.1 Affected: Oracle GraalVM Enterprise Edition:22.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:38:56.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T17:35:39.893746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:12:08.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:7u331"
},
{
"status": "affected",
"version": "Oracle Java SE:8u321"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.14"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.2"
},
{
"status": "affected",
"version": "Oracle Java SE:18"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-14T11:06:07",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java SE JDK and JRE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Oracle Java SE:7u331"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:8u321"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:11.0.14"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:17.0.2"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:18"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:20.3.5"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:21.3.1"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:22.0.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21426",
"datePublished": "2022-04-19T20:37:11",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T20:12:08.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28893 (GCVE-0-2022-28893)
Vulnerability from cvelistv5 – Published: 2022-04-11 04:15 – Updated: 2024-08-03 06:10
VLAI?
Summary
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:56.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/4"
},
{
"name": "[oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/3"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220526-0002/"
},
{
"name": "DSA-5161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T10:06:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/4"
},
{
"name": "[oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/3"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220526-0002/"
},
{
"name": "DSA-5161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/4"
},
{
"name": "[oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/3"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/5"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220526-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220526-0002/"
},
{
"name": "DSA-5161",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5161"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28893",
"datePublished": "2022-04-11T04:15:06",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-08-03T06:10:56.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28796 (GCVE-0-2022-28796)
Vulnerability from cvelistv5 – Published: 2022-04-08 04:11 – Updated: 2024-08-03 06:03
VLAI?
Summary
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220506-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T13:06:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220506-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1"
},
{
"name": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220506-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220506-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28796",
"datePublished": "2022-04-08T04:11:51",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:52.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3733 (GCVE-0-2021-3733)
Vulnerability from cvelistv5 – Published: 2022-03-07 00:00 – Updated: 2025-11-03 21:45
VLAI?
Summary
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
Severity ?
No CVSS data available.
CWE
- CWE-400 - - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:06.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue43075"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/24391"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-3733"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220407-0001/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in python v3.6.14, python v3.7.11, python v3.8.10, python v3.9.5."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in urllib\u0027s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 - Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.python.org/issue43075"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234"
},
{
"url": "https://github.com/python/cpython/pull/24391"
},
{
"url": "https://ubuntu.com/security/CVE-2021-3733"
},
{
"url": "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220407-0001/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3733",
"datePublished": "2022-03-07T00:00:00.000Z",
"dateReserved": "2021-08-23T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:06.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-20322 (GCVE-0-2021-20322)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220303-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.15-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:24:33",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220303-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.15-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220303-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220303-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20322",
"datePublished": "2022-02-18T17:50:45",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45485 (GCVE-0-2021-45485)
Vulnerability from cvelistv5 – Published: 2021-12-25 01:05 – Updated: 2024-08-04 04:39
VLAI?
Summary
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:21.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arxiv.org/pdf/2112.09604.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220121-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn\u0027t properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:42:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arxiv.org/pdf/2112.09604.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220121-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn\u0027t properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3"
},
{
"name": "https://arxiv.org/pdf/2112.09604.pdf",
"refsource": "MISC",
"url": "https://arxiv.org/pdf/2112.09604.pdf"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220121-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220121-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45485",
"datePublished": "2021-12-25T01:05:07",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:39:21.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22901 (GCVE-0-2021-22901)
Vulnerability from cvelistv5 – Published: 2021-06-11 15:49 – Updated: 2024-08-03 18:58
VLAI?
Summary
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use After Free (CWE-416)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
7.75.0 through 7.76.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:25.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1180380"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2021-22901.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.75.0 through 7.76.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-10T11:06:06",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1180380"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.se/docs/CVE-2021-22901.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "7.75.0 through 7.76.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free (CWE-416)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1180380",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1180380"
},
{
"name": "https://curl.se/docs/CVE-2021-22901.html",
"refsource": "MISC",
"url": "https://curl.se/docs/CVE-2021-22901.html"
},
{
"name": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"refsource": "MISC",
"url": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210723-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210727-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22901",
"datePublished": "2021-06-11T15:49:38",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:25.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22897 (GCVE-0-2021-22897)
Vulnerability from cvelistv5 – Published: 2021-06-11 15:49 – Updated: 2024-08-03 18:58
VLAI?
Summary
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
Severity ?
No CVSS data available.
CWE
- CWE-840 - Business Logic Errors (CWE-840)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
7.61.0 through 7.76.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:24.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1172857"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2021-22897.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.61.0 through 7.76.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "Business Logic Errors (CWE-840)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:53:46",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1172857"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.se/docs/CVE-2021-22897.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "7.61.0 through 7.76.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Business Logic Errors (CWE-840)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1172857",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1172857"
},
{
"name": "https://curl.se/docs/CVE-2021-22897.html",
"refsource": "MISC",
"url": "https://curl.se/docs/CVE-2021-22897.html"
},
{
"name": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511",
"refsource": "MISC",
"url": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210727-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22897",
"datePublished": "2021-06-11T15:49:38",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:24.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28041 (GCVE-0-2021-28041)
Vulnerability from cvelistv5 – Published: 2021-03-05 19:07 – Updated: 2024-08-03 21:33
VLAI?
Summary
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/03/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-8.5"
},
{
"name": "FEDORA-2021-f68a5a75ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/"
},
{
"name": "GLSA-202105-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"name": "FEDORA-2021-1d3698089d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:56:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/03/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openssh.com/txt/release-8.5"
},
{
"name": "FEDORA-2021-f68a5a75ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/"
},
{
"name": "GLSA-202105-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"name": "FEDORA-2021-1d3698089d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openssh.com/security.html",
"refsource": "MISC",
"url": "https://www.openssh.com/security.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/03/03/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/03/03/1"
},
{
"name": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db"
},
{
"name": "https://www.openssh.com/txt/release-8.5",
"refsource": "MISC",
"url": "https://www.openssh.com/txt/release-8.5"
},
{
"name": "FEDORA-2021-f68a5a75ba",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/"
},
{
"name": "GLSA-202105-35",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"name": "FEDORA-2021-1d3698089d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210416-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210416-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28041",
"datePublished": "2021-03-05T19:07:34",
"dateReserved": "2021-03-05T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}