CVE-2021-4209
https://notcve.org/view.php?id=CVE-2021-4209
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. Se ha encontrado un fallo de desreferencia de puntero NULL en GnuTLS. Como las funciones de actualización de hash de Nettle llaman internamente a memcpy, proporcionar una entrada de longitud cero puede causar un comportamiento indefinido. • https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568 https://gitlab.com/gnutls/gnutls/-/issues/1306 https://gitlab.com/gnutls/gnutls/-/merge_requests/1503 https://security.netapp.com/advisory/ntap-20220915-0005 • CWE-476: NULL Pointer Dereference •
CVE-2022-37434 – zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
https://notcve.org/view.php?id=CVE-2022-37434
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). zlib versiones hasta 1.2.12, presenta una lectura excesiva de búfer en la región heap de la memoria o desbordamiento de búfer en el archivo inflate.c por medio de un campo extra del encabezado gzip. NOTA: sólo están afectadas las aplicaciones que llaman a inflateGetHeader. Algunas aplicaciones comunes agrupan el código fuente de zlib afectado pero pueden ser incapaces de llamar a inflateGetHeader (por ejemplo, véase la referencia nodejs/node) A security vulnerability was found in zlib. • http://seclists.org/fulldisclosure/2022/Oct/37 http://seclists.org/fulldisclosure/2022/Oct/38 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/42 http://www.openwall.com/lists/oss-security/2022/08/05/2 http://www.openwall.com/lists/oss-security/2022/08/09/1 https://github.com/curl/curl/issues/9271 https://github.com/ivd38/zlib_overflow https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-36946 – kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c
https://notcve.org/view.php?id=CVE-2022-36946
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. La función nfqnl_mangle en el archivo net/netfilter/nfnetlink_queue.c en el kernel de Linux versiones hasta 5.18.14, permite a atacantes remotos causar una denegación de servicio (pánico) porque, en el caso de un veredicto nf_queue con un atributo nfta_payload de un byte, un skb_pull puede encontrar un skb-)len negativo A memory corruption flaw was found in the Linux kernel’s Netfilter subsystem in the way a local user uses the libnetfilter_queue when analyzing a corrupted network packet. This flaw allows a local user to crash the system or a remote user to crash the system when the libnetfilter_queue is used by a local user. • https://github.com/Pwnzer0tt1/CVE-2022-36946 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164 https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://marc.info/?l=netfilter-devel&m=165883202007292&w=2 https://security.netapp.com/advisory/ntap-20220901-0007 https://www.debian.org/security/2022/dsa-5207 https://access.redhat.com/security/ •
CVE-2022-21549 – OpenJDK: random exponentials issue (Libraries, 8283875)
https://notcve.org/view.php?id=CVE-2022-21549
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC https://security.gentoo.org/glsa/202401-25 https://security.netapp.com/advisory/ntap-20220729-0009 https://www.debian.org/security/2022/dsa-5192 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-21549 https://bugzilla • CWE-1068: Inconsistency Between Implementation and Documented Design •
CVE-2022-34169 – Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
https://notcve.org/view.php?id=CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. La biblioteca Apache Xalan Java XSLT es vulnerable a un problema de truncamiento de enteros cuando procesa hojas de estilo XSLT maliciosas. • https://github.com/bor8/CVE-2022-34169 http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html http://www.openwall.com/lists/oss-security/2022/07/19/5 http://www.openwall.com/lists/oss-security/2022/07/19/6 http://www.openwall.com/lists/oss-security/2022/07/20/2 http://www.openwall.com/lists/oss-security/2022/07/20/3 http://www.openwall.com/lists/oss-security/2022/10/18/2 http://www.openwall.com/lists/oss-security/2022/11/ • CWE-192: Integer Coercion Error CWE-681: Incorrect Conversion between Numeric Types •