CVE-2023-4504 – OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
https://notcve.org/view.php?id=CVE-2023-4504
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. Debido a un error al validar la longitud proporcionada por un documento PPD PostScript creado por un atacante, CUPS y libppd son susceptibles a un desbordamiento del búfer y posiblemente a la ejecución de código. Este problema se solucionó en la versión 2.4.7 de CUPS, lanzada en septiembre de 2023. • https://github.com/OpenPrinting/cups/releases/tag/v2.4.7 https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6 https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-43669
https://notcve.org/view.php?id=CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes). El Tungstenite crate anterior a la versión 0.20.1 para Rust permite a atacantes remotos provocar una denegación del servicio (de minutos de consumo de la CPU) a través de una longitud excesiva de un encabezado HTTP en el handshake del cliente. La longitud afecta tanto a cuántas veces se intenta un análisis (por ejemplo, miles de veces) y la cantidad promedio de datos para cada intento de análisis (por ejemplo, millones de bytes). • https://bugzilla.redhat.com/show_bug.cgi?id=2240110 https://bugzilla.suse.com/show_bug.cgi?id=1215563 https://crates.io/crates/tungstenite/versions https://cwe.mitre.org/data/definitions/407.html https://github.com/advisories/GHSA-9mcr-873m-xcxp https://github.com/github/advisory-database/pull/2752 https://github.com/snapview/tungstenite-rs/commit/8b3ecd3cc0008145ab4bc8d0657c39d09db8c7e2 https://github.com/snapview/tungstenite-rs/issues/376 https://lists.fedoraproject.org/archives/list/package-an •
CVE-2023-4236 – named may terminate unexpectedly under high DNS-over-TLS query load
https://notcve.org/view.php?id=CVE-2023-4236
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. Una falla en el código de red que maneja consultas DNS sobre TLS puede causar que "named" finalice inesperadamente debido a una falla de aserción. Esto sucede cuando las estructuras de datos internas se reutilizan incorrectamente bajo una carga significativa de consultas DNS sobre TLS. Este problema afecta a las versiones 9.18.0 a 9.18.18 y 9.18.11-S1 a 9.18.18-S1 de BIND 9. • http://www.openwall.com/lists/oss-security/2023/09/20/2 https://kb.isc.org/docs/cve-2023-4236 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B https://security.netapp.com/advisory/ntap-20231013-0004 https:/& • CWE-617: Reachable Assertion •
CVE-2023-3341 – A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
https://notcve.org/view.php?id=CVE-2023-3341
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. El código que procesa los mensajes del canal de control enviados a "named" llama a ciertas funciones de forma recursiva durante el análisis de paquetes. La profundidad de la recursividad sólo está limitada por el tamaño máximo de paquete aceptado; Dependiendo del entorno, esto puede provocar que el código de análisis de paquetes se quede sin memoria disponible, lo que provocará que "named" finalice inesperadamente. • http://www.openwall.com/lists/oss-security/2023/09/20/2 https://kb.isc.org/docs/cve-2023-3341 https://lists.debian.org/debian-lts-announce/2024/01/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVE-2023-43090 – Gnome-shell: screenshot tool allows viewing open windows when session is locked
https://notcve.org/view.php?id=CVE-2023-43090
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. Se encontró una vulnerabilidad en GNOME Shell. La pantalla de bloqueo de GNOME Shell permite a un usuario local no autenticado ver ventanas de la sesión de escritorio bloqueada mediante el uso de atajos de teclado para desbloquear la funcionalidad restringida de la herramienta de captura de pantalla. • https://access.redhat.com/security/cve/CVE-2023-43090 https://bugzilla.redhat.com/show_bug.cgi?id=2239087 https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990 https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944 • CWE-862: Missing Authorization •