Page 10 of 184 results (0.014 seconds)

CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. Se detectó un problema en International Components for Unicode (ICU) para C/C++ versiones hasta 66.1. Se presenta un desbordamiento de enteros, conllevando a un desbordamiento de búfer en la región heap de la memoria, en la función UnicodeString::doAppend() en el archivo common/unistr.cpp. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html https://access.redhat.com/errata/RHSA-2020:0738 https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08 https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca https://github.com/unicode-org/icu/pull/971 https://lists.debian • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. Se detectó un problema en openfortivpn versión 1.11.0, cuando se usaba con OpenSSL versiones anteriores a 1.0.2. en el archivo tunnel.c maneja inapropiadamente la comprobación del certificado porque las comparaciones hostname no consideran los caracteres "\0", como es demostrado por un ataque de good.example.com\x00evil.example.com. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8 https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 https://github.com/adrienverge/openfortivpn/issues/536 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF https://lists.fedoraproject.org/archives/l • CWE-295: Improper Certificate Validation •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). Se detectó un problema en openfortivpn versión 1.11.0, cuando se usaba con OpenSSL versiones 1.0.2 o posteriores, en el archivo tunnel.c, maneja inapropiadamente la comprobación del certificado porque la verificación del nombre de host funciona en la memoria no inicializada. El resultado es que un certificado válido nunca es aceptado (solo puede ser aceptado un certificado malformado). • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3 https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 https://github.com/adrienverge/openfortivpn/issues/536 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF https://lists.fedoraproject.org/archives/l • CWE-295: Improper Certificate Validation CWE-908: Use of Uninitialized Resource •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value. Se detectó un problema en openfortivpn versión 1.11.0, cuando se usaba con OpenSSL versiones 1.0.2 o posteriores, el archivo tunnel.c maneja inapropiadamente la comprobación del certificado porque un código de error negativo de X509_check_host se interpreta como un valor de retorno exitoso. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91 https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 https://github.com/adrienverge/openfortivpn/issues/536 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF https://lists.fedoraproject.org/archives/l • CWE-295: Improper Certificate Validation •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. En libslirp versión 4.1.0, como es usado en QEMU versión 4.2.0, el archivo tcp_subr.c utiliza inapropiadamente los valores de retorno de snprintf, lo que conlleva a un desbordamiento del búfer en el código posterior. An out-of-bounds heap buffer access flaw was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in tcp_emu() routine while emulating IRC and other protocols due to unsafe usage of the snprintf(3) function. A user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0 https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843 https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html https • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •