CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-5366 – Openvswitch don't match packets on nd_target field
https://notcve.org/view.php?id=CVE-2023-5366
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. Se encontró una falla en Open vSwitch que permite que los paquetes de anuncios de vecinos ICMPv6 entre máquinas virtuales omitan las reglas de OpenFlow. Este problema puede permitir que un atacante local cree paquetes especialmente manipulados con un campo de dirección IP de destino modificado o falsificado que puede redirigir el tráfico ICMPv6 a direcciones IP arbitrarias. • http://www.openwall.com/lists/oss-security/2024/02/08/4 https://access.redhat.com/security/cve/CVE-2023-5366 https://bugzilla.redhat.com/show_bug.cgi?id=2006347 https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2023-3153 – Service monitor mac flow is not rate limited
https://notcve.org/view.php?id=CVE-2023-3153
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. Se encontró una falla en Open Virtual Network donde el monitor de servicio MAC no califica correctamente el límite. Este problema podría permitir que un atacante provoque una denegación de servicio, incluso en implementaciones con CoPP habilitado y configurado correctamente. • https://access.redhat.com/security/cve/CVE-2023-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2213279 https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd https://github.com/ovn-org/ovn/issues/198 https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-4911 – GNU C Library Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Se descubrió un desbordamiento del búfer en el cargador dinámico ld.so de la librería GNU C mientras se procesaba la variable de entorno GLIBC_TUNABLES. Este problema podría permitir que un atacante local utilice variables de entorno GLIBC_TUNABLES manipuladas con fines malintencionados al iniciar archivos binarios con permiso SUID para ejecutar código con privilegios elevados. Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBC_TUNABLES environment variable. • https://github.com/leesh3288/CVE-2023-4911 https://github.com/ruycr4ft/CVE-2023-4911 https://github.com/guffre/CVE-2023-4911 https://github.com/NishanthAnand21/CVE-2023-4911-PoC https://github.com/RickdeJager/CVE-2023-4911 https://github.com/hadrian3689/looney-tunables-CVE-2023-4911 https://github.com/Green-Avocado/CVE-2023-4911 https://github.com/xiaoQ1z/CVE-2023-4911 https://github.com/Diego-AltF4/CVE-2023-4911 https://github.com/KernelKrise/CVE-2023-4911 https:/ • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-1668 – openvswitch: ip proto 0 triggers incorrect handling
https://notcve.org/view.php?id=CVE-2023-1668
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. • https://bugzilla.redhat.com/show_bug.cgi?id=2137666 https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ https://security.gentoo.org/glsa/202311-16 https://www.debian.org/security/2023/dsa-5387 https://www.openwall.com/lists/oss-security/2023/04/06/1 https://access.redhat.com/security/cve/CVE-2023-1668 • CWE-670: Always-Incorrect Control Flow Implementation •