CVSS: 6.5EPSS: 2%CPEs: 2EXPL: 3CVE-2022-23093 – Stack overflow in ping(8)
https://notcve.org/view.php?id=CVE-2022-23093
29 Nov 2022 — ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header. The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers f... • https://github.com/Inplex-sys/CVE-2022-23093 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-23831
https://notcve.org/view.php?id=CVE-2022-23831
09 Nov 2022 — Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. Una validación insuficiente del búfer de entrada IOCTL en AMD ?Prof puede permitir que un atacante envíe un búfer arbitrario que provoque una posible falla del kernel de Windows que provoque una denegación de servicio. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-27674
https://notcve.org/view.php?id=CVE-2022-27674
09 Nov 2022 — Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. Una validación insuficiente en el búfer de entrada/salida IOCTL en AMD ?Prof puede permitir a un atacante eludir las comprobaciones de límites, lo que podría provocar un fallo del kernel de Windows que provoque una denegación de servicio. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32264
https://notcve.org/view.php?id=CVE-2022-32264
06 Sep 2022 — sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer El archivo sys/netinet/tcp_timer.h en FreeBSD versiones anteriores a 7.0, contiene una vulnerabilidad de denegación de servicio (DoS) debido a un manejo inapropiado de TSopt en conexiones TCP. NOTA: Esta vulnerabilidad sólo afecta a productos que ya no son soportados p... • http://jvn.jp/en/jp/JVN20930118 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23089 – Out of bound read in elf_note_prpsinfo()
https://notcve.org/view.php?id=CVE-2022-23089
09 Aug 2022 — When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled. An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash. Al volcar el núcleo y guardar la información del proceso, proc_getargv() puede devolver un sbuf que tiene un sbuf_len() de 0 o -1, que no se maneja adecuadamente. Puede ocurrir una lectura fuera de los límites cuando el usuario co... • https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-23090 – AIO credential reference count leak
https://notcve.org/view.php?id=CVE-2022-23090
09 Aug 2022 — The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF). La función aio_aqueue, utilizada por la llamada al sistema lio_listio, no puede liberar una referencia a una credencial en un caso de error. Un atacante puede provocar que el recuento de referencias se desborde, lo que provocará un use after free (UAF). • https://packetstorm.news/files/id/168105 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23091 – Memory disclosure by stale virtual memory mapping
https://notcve.org/view.php?id=CVE-2022-23091
09 Aug 2022 — A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel. Un caso particular de compartir memoria se maneja mal en el sistema de memoria virtual. Esto es muy similar a SA-21:08.vm, pero con una causa raíz diferente. • https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23092 – Missing bounds check in 9p message handling
https://notcve.org/view.php?id=CVE-2022-23092
09 Aug 2022 — The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory. The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox. A la implementación del manejo de mensajes RWALK por p... • https://security.freebsd.org/advisories/FreeBSD-SA-22:12.lib9p.asc • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23084 – Potential jail escape vulnerabilities in netmap
https://notcve.org/view.php?id=CVE-2022-23084
06 Apr 2022 — The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. El tamaño total del nmreq proporcionado por el usuario a nmreq_copyin() se calculó primero y luego se confió en él durante la copia. Este error de tiempo de verificación a tiempo de u... • https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23085 – Potential jail escape vulnerabilities in netmap
https://notcve.org/view.php?id=CVE-2022-23085
06 Apr 2022 — A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. Se pasó una opción de entero proporcionada por el usuario a nmreq_copyin() sin comprobar si se desbordaría. Esta comprobación de los límites insuficiente podría provocar daños en la memoria del kernel. • https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •