CVSS: 9.8EPSS: 2%CPEs: 9EXPL: 1CVE-2022-25315 – expat: Integer overflow in storeRawNames()
https://notcve.org/view.php?id=CVE-2022-25315
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. En Expat (también se conoce como libexpat) versiones anteriores a 2.4.5, se presenta un desbordamiento de enteros en storeRawNames An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution. • http://www.openwall.com/lists/oss-security/2022/02/19/1 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/559 https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM https://security.gentoo.org/glsa&# • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 2CVE-2022-25313 – expat: Stack exhaustion in doctype parsing
https://notcve.org/view.php?id=CVE-2022-25313
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. En Expat (también se conoce como libexpat) versiones anteriores a 2.4.5, un atacante puede desencadenar un agotamiento de pila en build_model por medio de una gran profundidad de anidamiento en el elemento DTD A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service. • https://github.com/Trinadh465/external_expat-2.1.0_CVE-2022-25313 https://github.com/ShaikUsaf/external_expact_AOSP10_r33_CVE-2022-25313 http://www.openwall.com/lists/oss-security/2022/02/19/1 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/558 https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU https • CWE-674: Uncontrolled Recursion CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0585
https://notcve.org/view.php?id=CVE-2022-0585
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file Grandes bucles en múltiples disectores de protocolo en Wireshark versiones 3.6.0 a 3.6.1 y 3.4.0 a 3.4.11, permiten una denegación de servicio por medio de inyección de paquetes o archivo de captura diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0585.json https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T https://security.gentoo.org/glsa/202210-04 https://www.wireshark.org/security/wnpa-sec-2022-02.html • CWE-834: Excessive Iteration •
CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 2CVE-2021-4120 – snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths
https://notcve.org/view.php?id=CVE-2021-4120
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 snapd versión 2.54.2, no lleva a cabo una comprobación suficiente de la interfaz de contenido de snap y de las rutas de diseño, resultando en una posibilidad de que los snaps inyecten reglas de política de AppArmor arbitrarias por medio de declaraciones de interfaz de contenido y de diseño mal formadas y, por tanto, escapen al confinamiento estricto de snap. Corregido en snapd versiones 2.54.3+18.04, 2.54.3+20.04 y 2.54.3+21.10.1 • http://www.openwall.com/lists/oss-security/2022/02/18/2 https://bugs.launchpad.net/snapd/+bug/1949368 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7 https://ubuntu.com/security/notices/USN-5292-1 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-44730 – snapd could be made to escalate privileges and run programs as administrator
https://notcve.org/view.php?id=CVE-2021-44730
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 snapd versión 2.54.2, no comprueba apropiadamente la ubicación del binario snap-confine. Un atacante local que pueda enlazar este binario a otra ubicación puede causar que snap-confine ejecute otros binarios arbitrarios y, por lo tanto, alcanzar una escalada de privilegios. Corregido en snapd versiones 2.54.3+18.04, 2.54.3+20.04 y 2.54.3+21.10.1 • http://www.openwall.com/lists/oss-security/2022/02/18/2 http://www.openwall.com/lists/oss-security/2022/02/23/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7 https://ubuntu.com/security/notices/USN-5292-1 https://www.debian.org/security/2022/dsa-5080 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •