CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-39028
https://notcve.org/view.php?id=CVE-2022-39028
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. telnetd en GNU Inetutils versiones hasta 2.3, MIT krb5-appl versiones hasta 1.0.3, y trabajos derivados presenta una desreferencia de puntero NULL por medio de 0xff 0xf7 o 0xff 0xf8. • https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289 https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-38533
https://notcve.org/view.php?id=CVE-2022-38533
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. En GNU Binutils versiones anteriores a 2.4.0, se presenta un desbordamiento del búfer de la pila en la función de error bfd_getl32 cuando es llamada desde la función strip_main en strip-new por medio de un archivo diseñado. • https://github.com/bminor/binutils-gdb/commit/45d92439aebd0386ef8af76e1796d08cfe457e1d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ https://security.gentoo.org/glsa/202309-15 https://security.netapp.com/advisory/ntap-20221104-0007 https://sourceware.org/bugzilla/show_bug.cgi?id=29482 https://sourceware.org/bugzilla/show_bug.cgi?id& • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35164
https://notcve.org/view.php?id=CVE-2022-35164
LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. Se ha detectado que LibreDWG versión v0.12.4.4608 y el commit f2dea29 contienen un uso de memoria previamente liberada de la pila por medio de la función bit_copy_chain. • https://github.com/LibreDWG/libredwg/issues/497 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-4209
https://notcve.org/view.php?id=CVE-2021-4209
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. Se ha encontrado un fallo de desreferencia de puntero NULL en GnuTLS. Como las funciones de actualización de hash de Nettle llaman internamente a memcpy, proporcionar una entrada de longitud cero puede causar un comportamiento indefinido. • https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568 https://gitlab.com/gnutls/gnutls/-/issues/1306 https://gitlab.com/gnutls/gnutls/-/merge_requests/1503 https://security.netapp.com/advisory/ntap-20220915-0005 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2509 – gnutls: Double free during gnutls_pkcs7_verify
https://notcve.org/view.php?id=CVE-2022-2509
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. Una vulnerabilidad encontrada en gnutls. Este fallo de seguridad es producida por un error de doble liberación durante la verificación de firmas pkcs7 en la función gnutls_pkcs7_verify A vulnerability was found in gnutls. This issue is due to a double-free error that occurs during the verification of pkcs7 signatures in the gnutls_pkcs7_verify function. • https://access.redhat.com/security/cve/CVE-2022-2509 https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html https://www.debian.org/security/2022/dsa-5203 https://bugzilla.redhat.com/show_bug.cgi?id=2108977 • CWE-415: Double Free •