CVE-2021-3711 – SM2 Decryption Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. • http://www.openwall.com/lists/oss-security/2021/08/26/2 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E https://security.gentoo.org/glsa/202209-02 https://security.ge • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2021-37714 – Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions
https://notcve.org/view.php?id=CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. • https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c https://jsoup.org/news/release-1.14.1 https://jsoup.org/news/release-1.14.2 https://lists.apache.org/thread.html/r215009dbf7467a9f6506d0c0024cb36cad30071010e62c9352cfaaf0%40%3Cissues.maven.apache.org%3E https://lists.apache.org/thread.html/r377b93d79817ce649e9e68b3456e6f499747ef1643fa987b342e082e%40%3Cissues.maven.apache.org%3E https://lists.apache.org/thread.html/r3d71f18adb78e50f626dde689161ca63d3b7491bd9718fcddfaecba7%40%3Cissues.maven.apache.org%3E https://lists.apa • CWE-248: Uncaught Exception CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-22939 – nodejs: Incomplete validation of tls rejectUnauthorized parameter
https://notcve.org/view.php?id=CVE-2021-22939
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. Si la API https de Node.js, era usada incorrectamente y se pasaba "undefined" para el parámetro "rejectUnauthorized", no fue devuelto ningún error y se aceptaban las conexiones a servidores con un certificado caducado. A flaw was found in Node.js. If the Node.js HTTPS API is used incorrectly and "undefined" is passed for the "rejectUnauthorized" parameter, no error is returned, and the connections to servers with an expired certificate are accepted. The highest threat from this vulnerability is to integrity. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1278254 https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases https://security.gentoo.org/glsa/202401-02 https://security.netapp.com/advisory/ntap-20210917-0003 https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2021& • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •
CVE-2021-22940 – nodejs: Use-after-free on close http2 on stream canceling
https://notcve.org/view.php?id=CVE-2021-22940
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. Node.js versiones anteriores a 16.6.1, 14.17.5 y 12.22.5, es vulnerable a un ataque de uso de memoria previamente liberada donde un atacante podría ser capaz de explotar la corrupción de memoria para cambiar el comportamiento del proceso. A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit memory corruption to change process behavior. The highest threat from this vulnerability is to confidentiality and integrity. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1238162 https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases https://security.gentoo.org/glsa/202401-02 https://security.netapp.com/advisory/ntap-20210923-0001 https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2021& • CWE-416: Use After Free •
CVE-2021-22931 – nodejs: Improper handling of untypical characters in domain names
https://notcve.org/view.php?id=CVE-2021-22931
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. Node.js versiones anteriores a 16.6.0, 14.17.4 y 12.22.4, es vulnerable a una Ejecución de Código Remota , ataques de tipo XSS, bloqueo de Aplicaciones debido a una falta de comprobación de entrada de los nombres de host devueltos por los Servidores de Nombres de Dominio en la librería dns de Node.js, que puede conllevar a la salida de nombres de host erróneos (conllevando al Secuestro de Dominio) y vulnerabilidades de inyección en aplicaciones que usan la librería. A flaw was found in Node.js. These vulnerabilities include remote code execution, Cross-site scripting (XSS), application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library, which can lead to the output of wrong hostnames (leading to Domain hijacking) and injection vulnerabilities in applications using the library. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1178337 https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases https://security.gentoo.org/glsa/202401-02 https://security.netapp.com/advisory/ntap-20210923-0001 https://security.netapp.com/advisory/ntap-20211022-0003 https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https: • CWE-20: Improper Input Validation CWE-170: Improper Null Termination •