CVE-2022-2048 – http2-server: Invalid HTTP/2 requests cause DoS
https://notcve.org/view.php?id=CVE-2022-2048
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. En la implementación del servidor Eclipse Jetty HTTP/2, cuando es encontrada una petición HTTP/2 no válida, el manejo de errores presenta un error que puede terminar por no limpiar apropiadamente las conexiones activas y los recursos asociados. Esto puede conllevar a un escenario de denegación de servicio en el que no queden recursos suficientes para procesar las peticiones buenas A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests. • http://www.openwall.com/lists/oss-security/2022/09/09/2 https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html https://security.netapp.com/advisory/ntap-20220901-0006 https://www.debian.org/security/2022/dsa-5198 https://access.redhat.com/security/cve/CVE-2022-2048 https://bugzilla.redhat.com/show_bug.cgi?id=2116952 • CWE-410: Insufficient Resource Pool CWE-664: Improper Control of a Resource Through its Lifetime •
CVE-2022-33980 – Apache Commons Configuration insecure interpolation defaults
https://notcve.org/view.php?id=CVE-2022-33980
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. • https://github.com/HKirito/CVE-2022-33980 https://github.com/tangxiaofeng7/CVE-2022-33980-Apache-Commons-Configuration-RCE https://github.com/sammwyy/CVE-2022-33980-POC https://github.com/P0lar1ght/CVE-2022-33980-POC http://www.openwall.com/lists/oss-security/2022/07/06/5 http://www.openwall.com/lists/oss-security/2022/11/15/4 https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s https://security.netapp.com/advisory/ntap-20221028-0015 https://www.debian.org/security/20 •
CVE-2022-2274 – RSA implementation bug in AVX512IFMA instructions
https://notcve.org/view.php?id=CVE-2022-2274
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. OpenSSL versión 3.0.4, introdujo un grave error en la implementación de RSA para CPUs X86_64 que soportan las instrucciones AVX512IFMA. • https://github.com/Malwareman007/CVE-2022-2274 https://github.com/DesmondSanctity/CVE-2022-2274 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=4d8a88c134df634ba610ff8db1eb8478ac5fd345 https://github.com/openssl/openssl/issues/18625 https://security.netapp.com/advisory/ntap-20220715-0010 https://www.openssl.org/news/secadv/20220705.txt • CWE-787: Out-of-bounds Write •
CVE-2022-27778
https://notcve.org/view.php?id=CVE-2022-27778
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. Una vulnerabilidad en el uso de nombres resueltos incorrectamente, corregida en versión 7.83.1, podía eliminar el archivo equivocado cuando es usado "--no-clobber" junto con "--remove-on-error" • https://hackerone.com/reports/1553598 https://security.netapp.com/advisory/ntap-20220609-0009 https://security.netapp.com/advisory/ntap-20220729-0004 https://www.oracle.com/security-alerts/cpujul2022.html • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVE-2022-24823 – Local Information Disclosure Vulnerability in io.netty:netty-codec-http
https://notcve.org/view.php?id=CVE-2022-24823
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. • https://github.com/netty/netty/commit/185f8b2756a36aaa4f973f1a2a025e7d981823f1 https://github.com/netty/netty/security/advisories/GHSA-269q-hmxg-m83q https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 https://security.netapp.com/advisory/ntap-20220616-0004 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-24823 https://bugzilla.redhat.com/show_bug.cgi?id=2087186 • CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-668: Exposure of Resource to Wrong Sphere •