CVE-2023-4527 – Glibc: stack read overflow in getaddrinfo in no-aaaa mode
https://notcve.org/view.php?id=CVE-2023-4527
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. Se encontró una falla en glibc. Cuando se llama a la función getaddrinfo con la familia de direcciones AF_UNSPEC y el sistema está configurado con el modo no-aaaa a través de /etc/resolv.conf, una respuesta DNS a través de TCP de más de 2048 bytes puede potencialmente revelar el contenido de la pila de memoria a través de los datos de la dirección devuelta por la función, y puede provocar un crash. • http://www.openwall.com/lists/oss-security/2023/09/25/1 https://access.redhat.com/errata/RHSA-2023:5453 https://access.redhat.com/errata/RHSA-2023:5455 https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA https: • CWE-121: Stack-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVE-2023-3255 – Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service
https://notcve.org/view.php?id=CVE-2023-3255
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service. Se encontró una falla en el servidor VNC integrado de QEMU al procesar mensajes ClientCutText. Una condición de salida incorrecta puede provocar un bucle infinito al inflar un búfer zlib controlado por un atacante en la función `inflate_buffer`. • https://access.redhat.com/errata/RHSA-2024:2135 https://access.redhat.com/errata/RHSA-2024:2962 https://access.redhat.com/security/cve/CVE-2023-3255 https://bugzilla.redhat.com/show_bug.cgi?id=2218486 https://security.netapp.com/advisory/ntap-20231020-0008 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2023-3301 – Triggerable assertion due to race condition in hot-unplug
https://notcve.org/view.php?id=CVE-2023-3301
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. Se encontró una falla en QEMU. La naturaleza asíncrona de la desconexión en caliente permite un escenario de ejecución en el que el backend del dispositivo de red se borra antes de que se haya desconectado el frontend pci de virtio-net. • https://access.redhat.com/security/cve/CVE-2023-3301 https://bugzilla.redhat.com/show_bug.cgi?id=2215784 https://security.netapp.com/advisory/ntap-20231020-0008 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-617: Reachable Assertion •
CVE-2023-4813 – Glibc: potential use-after-free in gaih_inet()
https://notcve.org/view.php?id=CVE-2023-4813
A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. Se encontró una falla en glibc. En una situación poco común, la función gaih_inet puede utilizar memoria que se ha liberado, lo que provoca un bloqueo de la aplicación. • http://www.openwall.com/lists/oss-security/2023/10/03/8 https://access.redhat.com/errata/RHSA-2023:5453 https://access.redhat.com/errata/RHSA-2023:5455 https://access.redhat.com/errata/RHSA-2023:7409 https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://security.netapp.com/advisory/ntap-20231110-0003 • CWE-416: Use After Free •
CVE-2023-4155 – Sev-es / sev-snp vmgexit double fetch vulnerability
https://notcve.org/view.php?id=CVE-2023-4155
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). Se encontró una falla en KVM AMD Secure Encrypted Virtualization (SEV) en el kernel de Linux. Un invitado KVM que utilice SEV-ES o SEV-SNP con múltiples vCPU puede desencadenar una vulnerabilidad de condición de ejecución de recuperación doble e invocar el controlador "VMGEXIT" de forma recursiva. • https://access.redhat.com/security/cve/CVE-2023-4155 https://bugzilla.redhat.com/show_bug.cgi?id=2213802 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •