CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 2CVE-2023-6606 – Kernel: out-of-bounds read vulnerability in smbcalcsize
https://notcve.org/view.php?id=CVE-2023-6606
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. Se encontró una vulnerabilidad de lectura fuera de los límites en smbCalcSize en fs/smb/client/netmisc.c en el kernel de Linux. Este problema podría permitir que un atacante local bloquee el sistema o filtre información interna del kernel. • https://access.redhat.com/errata/RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:1188 https://access.redhat.com/errata/RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/security/cve/CVE-2023-6606 https://bugzilla.kernel.org/show • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-47038 – Perl: write past buffer end via illegal user-defined unicode property
https://notcve.org/view.php?id=CVE-2023-47038
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. Se encontró una vulnerabilidad en Perl. Este problema ocurre cuando Perl compila una expresión regular manipulada, lo que puede permitir que un atacante controle el desbordamiento de búfer de bytes en un búfer asignado en el almacenamiento dinámico. • https://access.redhat.com/errata/RHSA-2024:2228 https://access.redhat.com/errata/RHSA-2024:3128 https://access.redhat.com/security/cve/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-6277 – Libtiff: out-of-memory in tiffopen via a craft file
https://notcve.org/view.php?id=CVE-2023-6277
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. Se encontró un error de falta de memoria en libtiff. Pasar un archivo tiff manipulado a la API TIFFOpen() puede permitir que un atacante remoto provoque una denegación de servicio a través de una entrada artesanal con un tamaño inferior a 379 KB. • https://access.redhat.com/security/cve/CVE-2023-6277 https://bugzilla.redhat.com/show_bug.cgi?id=2251311 https://gitlab.com/libtiff/libtiff/-/issues/614 https://gitlab.com/libtiff/libtiff/-/merge_requests/545 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C https://security.netapp.com/advisory/ntap-20240119-0002 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6176 – Kernel: local dos vulnerability in scatterwalk_copychunks
https://notcve.org/view.php?id=CVE-2023-6176
A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. Se encontró una falla de desreferencia de puntero nulo en la API del kernel de Linux para la funcionalidad de dispersión del algoritmo criptográfico. Este problema ocurre cuando un usuario construye un paquete malicioso con una configuración de socket específica, lo que podría permitir que un usuario local bloquee el sistema o aumente sus privilegios en el sistema. • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-6176 https://bugzilla.redhat.com/show_bug.cgi?id=2219359 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cfaa80c91f6f99b9342b6557f0f0e1143e434066 • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-6121 – Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get
https://notcve.org/view.php?id=CVE-2023-6121
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). Se encontró una vulnerabilidad de lectura fuera de los límites en el subsistema NVMe-oF/TCP del kernel de Linux. Esta falla permite que un atacante remoto envíe un paquete TCP manipulado, lo que desencadena un desbordamiento del búfer que da como resultado que los datos kmalloc se impriman (y potencialmente se filtren) en el búfer de anillo del kernel (dmesg). • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-6121 https://bugzilla.redhat.com/show_bug.cgi?id=2250043 https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html • CWE-125: Out-of-bounds Read •