CVE-2020-7069 – Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
https://notcve.org/view.php?id=CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. En PHP versiones 7.2.x por debajo de 7.2.34, versiones 7.3.x por debajo de 7.3.23 y versiones 7.4.x por debajo de 7.4.11, cuando el modo AES-CCM es usado con la función openssl_encrypt() con 12 bytes IV, solo los primeros 7 bytes del IV está actualmente usado. Esto puede conllevar a una disminución de seguridad y datos de cifrado incorrectos • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html https://bugs.php.net/bug.php?id=79601 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R • CWE-20: Improper Input Validation CWE-326: Inadequate Encryption Strength •
CVE-2020-14377
https://notcve.org/view.php?id=CVE-2020-14377
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html http://www.openwall.com/lists/oss-security/2021/01/04/1 http://www.openwall.com/lists/oss-security/2021/01/04/2 http://www.openwall.com/lists/oss-security/2021/01/04/5 https://bugzilla.redhat.com/show_bug.cgi?id=1879472 https://usn.ubuntu.com/4550-1 https://www.openwall.com/lists/oss-security/2020/09/28/3 • CWE-125: Out-of-bounds Read •
CVE-2020-14376
https://notcve.org/view.php?id=CVE-2020-14376
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en dpdk en versiones anteriores a 18.11.10 y anteriores a 19.11.5. Una falta de comprobación de límites cuando se copia iv_data desde la memoria del invitado de la VM hacia la memoria del host puede causar un gran desbordamiento del búfer. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html http://www.openwall.com/lists/oss-security/2021/01/04/1 http://www.openwall.com/lists/oss-security/2021/01/04/2 http://www.openwall.com/lists/oss-security/2021/01/04/5 https://bugzilla.redhat.com/show_bug.cgi?id=1879470 https://usn.ubuntu.com/4550-1 https://www.openwall.com/lists/oss-security/2020/09/28/3 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-14375
https://notcve.org/view.php?id=CVE-2020-14375
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en dpdk en versiones anteriores a 18.11.10 y anteriores a 19.11.5. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html http://www.openwall.com/lists/oss-security/2021/01/04/1 http://www.openwall.com/lists/oss-security/2021/01/04/2 http://www.openwall.com/lists/oss-security/2021/01/04/5 https://bugzilla.redhat.com/show_bug.cgi?id=1879468 https://usn.ubuntu.com/4550-1 https://www.openwall.com/lists/oss-security/2020/09/28/3 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2020-26154 – libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow
https://notcve.org/view.php?id=CVE-2020-26154
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. El archivo url.cpp en libproxy versiones hasta 0.4.15, es propenso a un desbordamiento del búfer cuando PAC está habilitado, como es demostrado por un archivo PAC grande que es entregado sin un encabezado Content-length • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00033.html https://bugs.debian.org/968366 https://github.com/libproxy/libproxy/pull/126 https://lists.debian.org/debian-lts-announce/2020/11/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BID3HVHAF6DA3YJOFDBSAZSMR3ODNIW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZVZ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •