CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 0CVE-2019-5600
https://notcve.org/view.php?id=CVE-2019-5600
In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the implementation, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution. En FreeBSD 12.0-ESTABLE en versiones anteriores a la r349622, 12.0-RELEASE en versiones anteriores a la 12.0-RELEASE-p7, 11.3-PRERELEASE en versiones anteriores a la r349624, 11.3-RC3 en versiones anteriores a la 11.3-RC3-p1, y 11.2-RELEASE en versiones anteriores a la 11.2-RELEASE-p11, un error en la implementación de iconv puede permitir que un atacante escriba más allá del final de un búfer de salida. Dependiendo de la implementación, un atacante puede crear una denegación de servicio, provocar un comportamiento incorrecto del programa o inducir una ejecución remota de código. • http://packetstormsecurity.com/files/153520/FreeBSD-Security-Advisory-FreeBSD-SA-19-09.iconv.html https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 37EXPL: 0CVE-2019-12900 – bzip2: out-of-bounds write in function BZ2_decompress
https://notcve.org/view.php?id=CVE-2019-12900
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. La función BZ2_decompress en el archivo decompress.c en bzip2 hasta 1.0.6, presenta una escritura fuera de límites cuando hay muchos selectores. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html https://gitlab.com/federicomenaqui • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 5%CPEs: 6EXPL: 0CVE-2019-5599
https://notcve.org/view.php?id=CVE-2019-5599
In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service. En FreeBSD versión 12.0-STABLE anterior a r349197 y versión 12.0-RELEASE anterior a 12.0-RELEASE-p6, un bug en la pila de RACK TCP no predeterminada puede permitir a un atacante causar que varias listas vinculadas crezcan sin límites y causar un salto de lista costoso en cada paquete procesado, lo que conlleva al agotamiento de los recursos y una denegación de servicio. • http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html http://www.openwall.com/lists/oss-security/2019/06/17/5 https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193 https://seclists.org/bugtraq/2019/Jun/27 https://security.FreeBSD.org/advisories/FreeBSD-SA-19& • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2019-5598
https://notcve.org/view.php?id=CVE-2019-5598
In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable. n FreeBSD 11.3-PRERELEASE antes de r345378, 12.0-ESTABLE antes de r345377, 11.2-RELEASE antes de 11.2-RELEASE-p10, y 12.0-RELEASE antes de 12.0-RELEASE-p4, un error en pf no verifica si el paquete ICMP exterior o ICMP6 tiene la misma IP de destino que la IP de la fuente del paquete de protocolo interno permitiendo la creación maliciosa de un paquete ICMP / ICMP6 podría eludir las reglas de el Packet Filter y pasar a un host que de lo contrario estará inhabilitado. • http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html http://www.securityfocus.com/bid/108395 https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc https://security.netapp.com/advisory/ntap-20190611-0001 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.synacktiv.com/posts/systems/icmp-reachable.html • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 6%CPEs: 11EXPL: 1CVE-2019-5597
https://notcve.org/view.php?id=CVE-2019-5597
In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter. En FreeBSD 11.3-PRERELEASE y 12.0-STABLE anterior a r347591, 11.2-RELEASE anterior a 11.2-RELEASE-p10, y 12.0-RELEASE antes de 12.0-RELEASE-p4, un error en la lógica de reensamblado del fragmento pf IPv6 usa incorrectamente la última extensión del encabezado desde el desvío el último paquete recibido en vez del primer paquete permitiendo que los paquetes IPv6 diseñados con fines maliciosos originen un bloqueo o omitan potencialmente el Packet Filter. • http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html http://www.securityfocus.com/bid/108395 https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc https://security.netapp.com/advisory/ntap-20190611-0001 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf • CWE-20: Improper Input Validation •