CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42309
https://notcve.org/view.php?id=CVE-2022-42309
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain. Xenstore: Los invitados pueden bloquear xenstored Debido a un error en la solución de XSA-115, un invitado malintencionado puede hacer que xenstored use un puntero incorrecto durante la creación del nodo en una ruta de error, lo que resulta en una falla de xenstored o una corrupción de la memoria en xenstored, lo que provoca más daño. El invitado puede controlar el ingreso de la ruta de error, por ejemplo, excediendo el valor de cuota de nodos máximos por dominio. • http://www.openwall.com/lists/oss-security/2022/11/01/4 http://xenbits.xen.org/xsa/advisory-414.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ https://security.gentoo.org/glsa/202402-07 https:// • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42319
https://notcve.org/view.php?id=CVE-2022-42319
Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored. • http://www.openwall.com/lists/oss-security/2022/11/01/6 http://xenbits.xen.org/xsa/advisory-416.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ https://security.gentoo.org/glsa/202402-07 https:// • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 11%CPEs: 9EXPL: 4CVE-2022-3602 – X.509 Email Address 4-byte Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. • https://github.com/colmmacc/CVE-2022-3602 https://github.com/eatscrayon/CVE-2022-3602-poc https://github.com/corelight/CVE-2022-3602 https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786 http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html http://www.openwall.com/lists/oss-security/2022/11/01/15 http://www.openwall.com/lists/oss-security/2022/11/01/16 http://www.openwall.com/lists/oss-security/2022/11/01/17 http://www&# • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-3786 – X.509 Email Address Variable Length Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-3786
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. • https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a https://www.openssl.org/news/secadv/20221101.txt https://access.redhat.com/security/cve/CVE-2022-3786 https://bugzilla.redhat.com/show_bug.cgi?id=2139104 https://access.redhat.com/security/vulnerabilities/RHSB-2022-004 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-193: Off-by-one Error •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42315
https://notcve.org/view.php?id=CVE-2022-42315
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction Xenstore: los invitados pueden dejar ejecutar xenstored sin memoria. Este registro de información CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a cada CVE.] Los invitados maliciosos pueden hacer que xenstored asigne grandes cantidades de memoria, lo que eventualmente resultará en una Denegación de Servicio (DoS) de xenstored. • http://xenbits.xen.org/xsa/advisory-326.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ https://www.debian.org/security/2022/dsa-5272 https://xenbits.xenproject.org/xsa/advisory-326.txt • CWE-770: Allocation of Resources Without Limits or Throttling •