CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3176 – Use-after-free in io_uring in Linux Kernel
https://notcve.org/view.php?id=CVE-2022-3176
There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?h=linux-5.4.y&id=fc78b2fc21f10c4c9c4d5d659a685710ffa63659 https://kernel.dance/#fc78b2fc21f10c4c9c4d5d659a685710ffa63659 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://security.netapp.com/advisory/ntap-20230216-0003 https://www.debian.org/security/2022/dsa-5257 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40149 – Stack Buffer Overflow in Jettison
https://notcve.org/view.php?id=CVE-2022-40149
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. Aquellos usando Jettison para analizar datos XML o JSON no confiables pueden ser vulnerables a ataques de Denegación de Servicio (DOS). Si el analizador es ejecutado con la entrada suministrada por el usuario, un atacante puede suministrar contenido que cause el bloqueo del analizador por desbordamiento de pila. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538 https://github.com/jettison-json/jettison/issues/45 https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html https://www.debian.org/security/2023/dsa-5312 https://access.redhat.com/security/cve/CVE-2022-40149 https://bugzilla.redhat.com/show_bug.cgi?id=2135771 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40150 – Stack Buffer Overflow in Jettison
https://notcve.org/view.php?id=CVE-2022-40150
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack. Aquellos usando Jettison para analizar datos XML o JSON no confiables pueden ser vulnerables a ataques de Denegación de Servicio (DOS). Si el analizador es ejecutado en base a la entrada suministrada por el usuario, un atacante puede suministrar contenido que cause el bloqueo del analizador por falta de memoria. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549 https://github.com/jettison-json/jettison/issues/45 https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html https://www.debian.org/security/2023/dsa-5312 https://access.redhat.com/security/cve/CVE-2022-40150 https://bugzilla.redhat.com/show_bug.cgi?id=2135770 • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38851
https://notcve.org/view.php?id=CVE-2022-38851
Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Algunos productos de The MPlayer Project son vulnerables a una lectura fuera de límites por medio de la función read_meta_record() del archivo mplayer/libmpdemux/asfheader.c. Esto afecta a mplayer versión SVN-r38374-13.0.1 y mencoder versión SVN-r38374-13.0.1 • https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html https://trac.mplayerhq.hu/ticket/2393 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38865
https://notcve.org/view.php?id=CVE-2022-38865
Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Determinados productos de The MPlayer Project son vulnerables a la división por cero por medio de la función demux_avi_read_packet del archivo libmpdemux/demux_avi.c. Esto afecta a mplayer versión SVN-r38374-13.0.1 y mencoder versión SVN-r38374-13.0.1 • https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html https://trac.mplayerhq.hu/ticket/2401 • CWE-369: Divide By Zero •