CVE-2020-1971 – EDIPARTYNAME NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-1971
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. • https://github.com/MBHudson/CVE-2020-1971 http://www.openwall.com/lists/oss-security/2021/09/14/2 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676 https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b7 • CWE-476: NULL Pointer Dereference •
CVE-2020-25649 – jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
https://notcve.org/view.php?id=CVE-2020-25649
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. Se encontró un fallo en FasterXML Jackson Databind, donde no tenía la expansión de entidad asegurada apropiadamente. Este fallo permite una vulnerabilidad a ataques de tipo XML external entity (XXE). • https://bugzilla.redhat.com/show_bug.cgi?id=1887664 https://github.com/FasterXML/jackson-databind/issues/2589 https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985d • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2020-10683 – dom4j: XML External Entity vulnerability in default SAX parser
https://notcve.org/view.php?id=CVE-2020-10683
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. dom4j versiones anteriores a 2.0.3 y versiones 2.1.x anteriores a 2.1.3, permite DTDs y External Entities por defecto, lo que podría permitir ataques de tipo XXE. Sin embargo, existe una documentación externa popular de OWASP que muestra cómo habilitar el comportamiento seguro no predeterminado en cualquier aplicación que use dom4j. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html https://bugzilla.redhat.com/show_bug.cgi?id=1694235 https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658 https://github.com/dom4j/dom4j/commits/version-2.0.3 https://github.com/dom4j/dom4j/issues/87 https://github.com/dom4j/dom4j/releases/tag/version-2.1.3 https://lists.apache.org/thread.html/r51f3f9801058 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2020-11612 – netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
https://notcve.org/view.php?id=CVE-2020-11612
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. El ZlibDecoders en Netty versiones 4.1.x anteriores a 4.1.46, permite una asignación de memoria ilimitada mientras decodifican un flujo de bytes de ZlibEncoded. Un atacante podría enviar una secuencia de bytes de ZlibEncoded grande hacia el servidor de Netty, forzando al servidor a asignar toda su memoria liberada a un único decodificador. A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. • https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final https://github.com/netty/netty/issues/6168 https://github.com/netty/netty/pull/9924 https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r255ed239e65d0596812362adc474bee96caf7ba042c7ad2f3c62cec7%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r281882fdf9ea89aac02fd2f92786693a956aac2ce9840cce87c7df6b%40%3Ccommits.zookeeper.apache. • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2020-8840 – jackson-databind: Lacks certain xbean-reflect/JNDI blocking
https://notcve.org/view.php?id=CVE-2020-8840
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. FasterXML jackson-databind versiones 2.0.0 hasta 2.9.10.2, carece de cierto bloqueo de xbean-reflect/JNDI, como es demostrado mediante org.apache.xbean.propertyeditor.JndiConverter. A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/jas502n/jackson-CVE-2020-8840 https://github.com/fairyming/CVE-2020-8840 https://github.com/Veraxy00/CVE-2020-8840 https://github.com/Blyth0He/CVE-2020-8840 https://github.com/dpredrag/CVE-2020-8840 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en https://github.com/FasterXML/jackson-databind/issues/2620 https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db%40%3Ccommits.druid.apache.org%3E https://list • CWE-502: Deserialization of Untrusted Data •