CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23096
https://notcve.org/view.php?id=CVE-2022-23096
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. Se ha detectado un problema en el proxy DNS en Connman versiones hasta 1.40. La implementación de la respuesta del servidor TCP carece de una comprobación de la presencia de suficientes datos de encabezado, conllevando a una lectura fuera de límites • https://git.kernel.org/pub/scm/network/connman/connman.git/log https://lists.debian.org/debian-lts-announce/2022/02/msg00009.html https://security.gentoo.org/glsa/202310-21 https://www.debian.org/security/2022/dsa-5231 https://www.openwall.com/lists/oss-security/2022/01/25/1 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23098
https://notcve.org/view.php?id=CVE-2022-23098
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. Se ha detectado un problema en el proxy DNS en Connman versiones hasta 1.40. La implementación de la respuesta del servidor TCP presenta un bucle infinito si no son recibidos datos • https://git.kernel.org/pub/scm/network/connman/connman.git/log https://lists.debian.org/debian-lts-announce/2022/02/msg00009.html https://security.gentoo.org/glsa/202310-21 https://www.debian.org/security/2022/dsa-5231 https://www.openwall.com/lists/oss-security/2022/01/25/1 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23097
https://notcve.org/view.php?id=CVE-2022-23097
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. Se ha detectado un problema en el proxy DNS en Connman versiones hasta 1.40. La función forward_dns_reply maneja inapropiadamente una llamada a strnlen, conllevando a una lectura fuera de límites • https://git.kernel.org/pub/scm/network/connman/connman.git/log https://lists.debian.org/debian-lts-announce/2022/02/msg00009.html https://security.gentoo.org/glsa/202310-21 https://www.debian.org/security/2022/dsa-5231 https://www.openwall.com/lists/oss-security/2022/01/25/1 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 19EXPL: 0CVE-2022-21723 – Out-of-bounds read in multipart parsing in PJSIP
https://notcve.org/view.php?id=CVE-2022-21723
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds. • http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html http://seclists.org/fulldisclosure/2022/Mar/2 https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896 https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html https:/ • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-21722 – Potential out-of-bound read during RTP/RTCP parsing in PJSIP
https://notcve.org/view.php?id=CVE-2022-21722
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds. • https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36 https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html https://security.gentoo.org/glsa/202210-37 https://www.debian.org/security/2022/dsa-5285 • CWE-125: Out-of-bounds Read •