CVE-2022-31002 – Out-of-bounds Read in Sofia-SIP
https://notcve.org/view.php?id=CVE-2022-31002
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. Sofia-SIP es una librería de agente de usuario del Protocolo de Iniciación de Sesión (SIP) de código abierto. • https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html https://security.gentoo.org/glsa/202210-18 https://www.debian.org/security/2023/dsa-5410 • CWE-125: Out-of-bounds Read •
CVE-2022-31001 – Out-of-bounds Read in Sofia-SIP
https://notcve.org/view.php?id=CVE-2022-31001
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. Sofia-SIP es una biblioteca de agente de usuario del Protocolo de Iniciación de Sesión (SIP) de código abierto. • https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36 https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g https://lists.debian.org/debian-lts-announce/2022/09/msg00001.html https://security.gentoo.org/glsa/202210-18 https://www.debian.org/security/2023/dsa-5410 • CWE-125: Out-of-bounds Read •
CVE-2022-31799
https://notcve.org/view.php?id=CVE-2022-31799
Bottle before 0.12.20 mishandles errors during early request binding. Bottle versiones anteriores a 0.12.20, maneja inapropiadamente los errores durante la vinculación temprana de peticiones • https://github.com/bottlepy/bottle/commit/a2b0ee6bb4ce88895429ec4aca856616244c4c4c https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00 https://github.com/bottlepy/bottle/compare/0.12.19...0.12.20 https://lists.debian.org/debian-lts-announce/2022/06/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE7U6J45PUEXIYYVWJKPM6QXIRKDK4HD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTLOQGMDZEPIYTFC2G53OQV2ULCGYS3F • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2022-1204
https://notcve.org/view.php?id=CVE-2022-1204
A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. Se ha encontrado un fallo de uso de memoria previamente liberada en la funcionalidad del protocolo AX.25 de radioaficionados del kernel de Linux en la forma en que un usuario es conectado con el protocolo. Este fallo permite a un usuario local bloquear el sistema • https://access.redhat.com/security/cve/CVE-2022-1204 https://bugzilla.redhat.com/show_bug.cgi?id=2071051 https://security-tracker.debian.org/tracker/CVE-2022-1204 https://www.openwall.com/lists/oss-security/2022/04/02/2 • CWE-416: Use After Free •
CVE-2022-1898 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-1898
Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio de GitHub vim/vim versiones anteriores a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ https://lists.fedoraproject& • CWE-416: Use After Free •