CVE-2022-4304 – Timing Oracle in RSA Decryption
https://notcve.org/view.php?id=CVE-2022-4304
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. • https://security.gentoo.org/glsa/202402-08 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/cve/CVE-2022-4304 https://bugzilla.redhat.com/show_bug.cgi?id=2164487 • CWE-203: Observable Discrepancy •
CVE-2022-40617
https://notcve.org/view.php?id=CVE-2022-40617
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. strongSwan anterior a 5.9.8 permite a atacantes remotos provocar una Denegación de Servicio en el complemento de revocación enviando un certificado de entidad final (y CA intermedia) manipulado que contiene una URL CRL/OCSP que apunta a un servidor (bajo el control del atacante) que no responde adecuadamente pero (por ejemplo) simplemente no hace nada después del protocolo de enlace TCP inicial o envía una cantidad excesiva de datos de la aplicación. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-37434 – zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
https://notcve.org/view.php?id=CVE-2022-37434
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). zlib versiones hasta 1.2.12, presenta una lectura excesiva de búfer en la región heap de la memoria o desbordamiento de búfer en el archivo inflate.c por medio de un campo extra del encabezado gzip. NOTA: sólo están afectadas las aplicaciones que llaman a inflateGetHeader. Algunas aplicaciones comunes agrupan el código fuente de zlib afectado pero pueden ser incapaces de llamar a inflateGetHeader (por ejemplo, véase la referencia nodejs/node) A security vulnerability was found in zlib. • http://seclists.org/fulldisclosure/2022/Oct/37 http://seclists.org/fulldisclosure/2022/Oct/38 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/42 http://www.openwall.com/lists/oss-security/2022/08/05/2 http://www.openwall.com/lists/oss-security/2022/08/09/1 https://github.com/curl/curl/issues/9271 https://github.com/ivd38/zlib_overflow https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2021-37613
https://notcve.org/view.php?id=CVE-2021-37613
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. Stormshield Network Security (SNS) versiones 1.0.0 hasta 4.2.3, permite una Denegación de Servicio • https://advisories.stormshield.eu https://advisories.stormshield.eu/2021-050 •
CVE-2021-3398
https://notcve.org/view.php?id=CVE-2021-3398
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. Stormshield Network Security (SNS) 3.x, presenta un Desbordamiento de Enteros en el componente high-availability • https://advisories.stormshield.eu/2021-001 https://www.stormshield.com/category/alert • CWE-190: Integer Overflow or Wraparound •