CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-14382 – cryptsetup: Out-of-bounds write when validating segments
https://notcve.org/view.php?id=CVE-2020-14382
A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory. Se encontró una vulnerabilidad en la versión previa cryptsetup-2.2.0 donde se presenta un error en el código de comprobación del formato LUKS2, que es invocado efectivamente en cada dispositivo e imagen que se presenta como contenedor de LUKS2. • https://bugzilla.redhat.com/show_bug.cgi?id=1874712 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJTQ4KSVCW2NMSU5WFVPOHY46WMNF4OB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD6YSD63LLRRC4WQ7DJLSXWNUCY6FWBM https://usn.ubuntu.com/4493-1 https://access.redhat.com/security/cve/CVE-2020-14382 • CWE-787: Out-of-bounds Write •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14385 – kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt
https://notcve.org/view.php?id=CVE-2020-14385
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en el kernel de Linux versiones anteriores a 5.9-rc4. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14385 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4020438fab05364018c91f7e02ebdd192085933 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://usn.ubuntu.com/4576-1 https://access.redhat.com/security/cve/CVE-2020-14385 https://bugzilla.redhat.com/show_bug.cgi?id=1874800 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-8927 – Buffer overflow in Brotli library
https://notcve.org/view.php?id=CVE-2020-8927
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. Se presenta un desbordamiento del búfer en la biblioteca Brotli versiones anteriores a 1.0.8, donde un atacante que controla la longitud de entrada de una petición de descompresión "one-shot" en un script puede desencadenar un bloqueo, que ocurre cuando se copian fragmentos de datos de más de 2 GiB . Se recomienda actualizar su biblioteca de Brotli a la versión 1.0.8 o posterior. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html https://github.com/google/brotli/releases/tag/v1.0.9 https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14314 – kernel: buffer uses out of index in ext3/4 filesystem
https://notcve.org/view.php?id=CVE-2020-14314
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. Se encontró un fallo de lectura de memoria fuera de límites en el kernel de Linux versiones anteriores a 5.9-rc2, con el sistema de archivos ext3/ext4, en la manera en que accede a un directorio con indexación rota. Este fallo permite a un usuario local bloquear el sistema si el directorio existe. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7%40redhat.com/T/#u https://usn.ubuntu. • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14392
https://notcve.org/view.php?id=CVE-2020-14392
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. Se encontró un fallo de desreferencia del puntero no confiable en Perl-DBI versiones anteriores a 1.643. Un atacante local que es capaz de manipular llamadas a la función dbd_db_login6_sv() podría causar una corrupción de la memoria, afectando la disponibilidad del servicio • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html https://bugzilla.redhat.com/show_bug.cgi?id=1877402 https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643 https://usn.ubuntu.com/4503-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •