CVE-2020-29573 – glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern
https://notcve.org/view.php?id=CVE-2020-29573
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference. El archivo sysdeps/i386/ldbl2mpn.c en la GNU C Library (también se conoce como glibc o libc6) versiones anteriores a 2.23 en objetivos x86 presenta un desbordamiento de búfer en la región stack de la memoria si la entrada a cualquiera de la familia funciones printf es un doble longitud de 80 bits con un patrón de bits no canónico, como se ve al pasar un valor \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 a sprintf. NOTA: la cuestión no afecta a la glibc por defecto en 2016 o más tarde (es decir, 2,23 o más tarde), debido a los compromisos contraídos en 2015 para alinear las funciones matemáticas del C99 mediante el uso de los elementos incorporados del GCC. • https://security.gentoo.org/glsa/202101-20 https://security.netapp.com/advisory/ntap-20210122-0004 https://sourceware.org/bugzilla/show_bug.cgi?id=26649 https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html https://access.redhat.com/security/cve/CVE-2020-29573 https://bugzilla.redhat.com/show_bug.cgi?id=1905213 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-14305 – kernel: memory corruption in Voice over IP nf_conntrack_h323 module
https://notcve.org/view.php?id=CVE-2020-14305
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo de escritura de memoria fuera de límites en la manera en que la funcionalidad connection tracking Voice Over IP H.323 del kernel de Linux, manejaba las conexiones en el puerto ipv6 1720. Este fallo permite a un usuario remoto no autenticado bloquear el sistema, causando una denegación de servicio. • https://bugs.openvz.org/browse/OVZ-7188 https://bugzilla.redhat.com/show_bug.cgi?id=1850716 https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502%40virtuozzo.com https://security.netapp.com/advisory/ntap-20201210-0004 https://access.redhat.com/security/cve/CVE-2020-14305 • CWE-787: Out-of-bounds Write •
CVE-2020-29370
https://notcve.org/view.php?id=CVE-2020-29370
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. Se detectó un problema en la función kmem_cache_alloc_bulk en el archivo mm/slub.c en el kernel de Linux versiones anteriores a 5.5.11. La slowpath carece del incremento de TID requerido, también se conoce como CID-fd4d9c7d0c71 • https://bugs.chromium.org/p/project-zero/issues/detail?id=2022 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8 https://security.netapp.com/advisory/ntap-20201218-0001 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2020-15436 – kernel: use-after-free in fs/block_dev.c
https://notcve.org/view.php?id=CVE-2020-15436
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. La vulnerabilidad de tipo use-after-free en el archivo fs/block_dev.c en el kernel de Linux versiones anteriores a 5.8, permite a usuarios locales obtener privilegios o causar una denegación de servicio al aprovechar el acceso inapropiado a un determinado campo de error A use-after-free flaw was observed in blkdev_get(), in fs/block_dev.c after a call to __blkdev_get() fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue. • https://lkml.org/lkml/2020/6/7/379 https://security.netapp.com/advisory/ntap-20201218-0002 https://access.redhat.com/security/cve/CVE-2020-15436 https://bugzilla.redhat.com/show_bug.cgi?id=1901168 • CWE-416: Use After Free •
CVE-2020-25692 – openldap: NULL pointer dereference for unauthenticated packet in slapd
https://notcve.org/view.php?id=CVE-2020-25692
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. Se encontró una desreferencia de puntero NULL en el servidor OpenLDAP y se corrigió en openldap versión 2.4.55, durante una petición para cambiar el nombre de los RDN. Un atacante no autenticado podría bloquear remotamente el proceso slapd al enviar una petición especialmente diseñada, causando una Denegación de Servicio A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1894567 https://security.netapp.com/advisory/ntap-20210108-0006 https://access.redhat.com/security/cve/CVE-2020-25692 • CWE-476: NULL Pointer Dereference •