CVSS: 6.5EPSS: 0%CPEs: 44EXPL: 0CVE-2021-3772 – kernel: sctp: Invalid chunks may be used to remotely remove existing associations
https://notcve.org/view.php?id=CVE-2021-3772
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. Se ha encontrado un fallo en la pila SCTP de Linux. Un atacante ciego puede ser capaz de matar una asociación SCTP existente mediante trozos no válidos si el atacante conoce las direcciones IP y los números de puerto que están siendo usados y el atacante puede enviar paquetes con direcciones IP falsas • https://bugzilla.redhat.com/show_bug.cgi?id=2000694 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://security.netapp.com/advisory/ntap-20221007-0001 https://ubuntu.com/security/CVE-2021-3772 https://www.debian.org/security/2022/dsa-5096 https://www.oracle.com/security-alerts/cp • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2021-42373
https://notcve.org/view.php?id=CVE-2021-42373
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given Una desreferencia de puntero NULL en el applet man de Busybox conlleva a una denegación de servicio cuando se proporciona un nombre de sección pero no se da ningún argumento de página • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 1CVE-2021-42374
https://notcve.org/view.php?id=CVE-2021-42374
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that Una lectura de pila fuera de límites en el applet unlzma de Busybox conlleva a un filtrado de información y una denegación de servicio cuando se descomprime una entrada comprimida LZMA manipulada. Esto puede ser desencadenado por cualquier applet/formato que • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-42375
https://notcve.org/view.php?id=CVE-2021-42375
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. Un manejo incorrecto de un elemento especial en el applet ash de Busybox conlleva una denegación de servicio cuando es procesado un comando shell diseñado, debido a que el shell confunde caracteres específicos con caracteres reservados. Esto puede ser usado para DoS bajo condiciones raras de entrada de comandos filtrados • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-159: Improper Handling of Invalid Use of Special Elements •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-42376
https://notcve.org/view.php?id=CVE-2021-42376
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. Una desreferencia de puntero NULL en el applet hush de Busybox conlleva a una denegación de servicio cuando es procesado un comando shell diseñado, debido a una falta de comprobación después de un carácter delimitador \x03. Esto puede ser usado para DoS bajo condiciones muy raras de entrada de comandos filtrados • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-476: NULL Pointer Dereference •