CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2604
https://notcve.org/view.php?id=CVE-2022-2604
Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Safe Browsing en Google Chrome versiones anteriores a 104.0.5112.79, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1335316 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE https://security.gentoo.org/glsa/202208-35 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2603
https://notcve.org/view.php?id=CVE-2022-2603
Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Omnibox en Google Chrome versiones anteriores a 104.0.5112.79, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1325699 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE https://security.gentoo.org/glsa/202208-35 • CWE-416: Use After Free •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33643 – libtar: out-of-bounds read in gnu_longlink
https://notcve.org/view.php?id=CVE-2021-33643
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. Un atacante que envía un archivo tar diseñado con el tamaño de la estructura de encabezado siendo 0 puede ser capaz de desencadenar una llamada de malloc(0) para una variable gnu_longlink, causando una lectura fuera de límites A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with the size in the header struct being 0 to trigger a calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T https://lists.fedoraproject.org/archives/list/package-announce%40li • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33645 – libtar: memory leak found in th_read() function
https://notcve.org/view.php?id=CVE-2021-33645
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. La función th_read() no libera una variable t-)th_buf.gnu_longlink después de asignar memoria, lo que puede causar una pérdida de memoria A flaw was found in libtar. This security vulnerability occurs because the th_read() function in libtar doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T https://lists.fedoraproject.org/archives/list/package-announce%40li • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33644 – libtar: out-of-bounds read in gnu_longname
https://notcve.org/view.php?id=CVE-2021-33644
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. Un atacante que envía un archivo tar diseñado con el tamaño de la estructura de cabecera siendo 0 puede ser capaz de desencadenar una llamada de malloc(0) para una variable gnu_longname, causando una lectura fuera de límites A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with size in header struct being 0 to trigger a calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T https://lists.fedoraproject.org/archives/list/package-announce%40li • CWE-125: Out-of-bounds Read •