CVE-2022-24884 – Trivial signature forgery in ecdsautils
https://notcve.org/view.php?id=CVE-2022-24884
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. • https://github.com/freifunk-gluon/ecdsautils/commit/1d4b091abdf15ad7b2312535b5b95ad70f6dbd08 https://github.com/freifunk-gluon/ecdsautils/commit/39b6d0a77414fd41614953a0e185c4eefa2f88ad https://github.com/freifunk-gluon/ecdsautils/security/advisories/GHSA-qhcg-9ffp-78pw https://lists.debian.org/debian-lts-announce/2022/05/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AKQH5WCBMJA3ODCSNERY6HVX4BX3ITG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messa • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2022-1516
https://notcve.org/view.php?id=CVE-2022-1516
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. Se ha encontrado un fallo de desreferencia de puntero NULL en la funcionalidad del conjunto de protocolos de red estandarizados X.25 del kernel de Linux en la forma en que un usuario termina su sesión usando una tarjeta Ethernet simulada y el uso continuado de esta conexión. Este fallo permite a un usuario local bloquear el sistema • http://www.openwall.com/lists/oss-security/2022/06/19/1 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7781607938c8 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://www.debian.org/security/2022/dsa-5173 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVE-2022-24903 – Buffer overflow in TCP syslog server (receiver) components in rsyslog
https://notcve.org/view.php?id=CVE-2022-24903
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. • https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705 https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8 https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW https://security.netapp.com/advisory/ntap-20221111-0002 https://www.debian.org/security/2022/dsa-5150 https://access.redhat.com/security/cve/CVE-2022-24903 https://bug • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2022-29155
https://notcve.org/view.php?id=CVE-2022-29155
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. En OpenLDAP versiones 2.x anteriores a 2.5.12 y versiones 2.6.x anteriores a 2.6.2, se presenta una vulnerabilidad de inyección SQL en el backend experimental back-sql de slapd, por medio de una sentencia SQL dentro de una consulta LDAP. Esto puede ocurrir durante una operación de búsqueda LDAP cuando es procesado el filtro de búsqueda, debido a una falta de escapes apropiados • https://bugs.openldap.org/show_bug.cgi?id=9815 https://lists.debian.org/debian-lts-announce/2022/05/msg00032.html https://security.netapp.com/advisory/ntap-20220609-0007 https://www.debian.org/security/2022/dsa-5140 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-20796 – ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: April 2022
https://notcve.org/view.php?id=CVE-2022-20796
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. El 4 de mayo de 2022, fue divulgada la siguiente vulnerabilidad en ClamAV scanning library versiones 0.103.5 y anteriores y 0.104.2 y anteriores: Una vulnerabilidad en versiones 0.103.4, 0.103.5, 0.104.1 y 0.104.2 de Clam AntiVirus (ClamAV) podría permitir a un atacante local autenticado causar una condición de denegación de servicio en un dispositivo afectado. Para una descripción de esta vulnerabilidad, vea el blog de ClamAV • https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56 https://security.gentoo.org/glsa/202310-01 https://tools.cisco.com/security/center/content/CiscoSecuri • CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference •