CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2023-4236 – named may terminate unexpectedly under high DNS-over-TLS query load
https://notcve.org/view.php?id=CVE-2023-4236
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. Una falla en el código de red que maneja consultas DNS sobre TLS puede causar que "named" finalice inesperadamente debido a una falla de aserción. Esto sucede cuando las estructuras de datos internas se reutilizan incorrectamente bajo una carga significativa de consultas DNS sobre TLS. Este problema afecta a las versiones 9.18.0 a 9.18.18 y 9.18.11-S1 a 9.18.18-S1 de BIND 9. • http://www.openwall.com/lists/oss-security/2023/09/20/2 https://kb.isc.org/docs/cve-2023-4236 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B https://security.netapp.com/advisory/ntap-20231013-0004 https:/& • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2023-3341 – A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
https://notcve.org/view.php?id=CVE-2023-3341
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. El código que procesa los mensajes del canal de control enviados a "named" llama a ciertas funciones de forma recursiva durante el análisis de paquetes. La profundidad de la recursividad sólo está limitada por el tamaño máximo de paquete aceptado; Dependiendo del entorno, esto puede provocar que el código de análisis de paquetes se quede sin memoria disponible, lo que provocará que "named" finalice inesperadamente. • http://www.openwall.com/lists/oss-security/2023/09/20/2 https://kb.isc.org/docs/cve-2023-3341 https://lists.debian.org/debian-lts-announce/2024/01/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2023-42464
https://notcve.org/view.php?id=CVE-2023-42464
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967. Se encontró una vulnerabilidad de Confusión de Tipos en las funciones Spotlight RPC en afpd en Netatalk 3.1.x anterior a 3.1.17. • https://github.com/Netatalk/netatalk/issues/486 https://lists.debian.org/debian-lts-announce/2023/09/msg00031.html https://netatalk.io/security/CVE-2023-42464 https://netatalk.sourceforge.io https://netatalk.sourceforge.io/3.1/htmldocs/afpd.8.html https://netatalk.sourceforge.io/CVE-2023-42464.php https://www.debian.org/security/2023/dsa-5503 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19450 – python-reportlab: code injection in paraparser.py allows code execution
https://notcve.org/view.php?id=CVE-2019-19450
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. paraparser en ReportLab anterior a 3.5.31 permite la ejecución remota de código porque start_unichar en paraparser.py evalúa la entrada de un usuario que no es de confianza en un elemento unichar en un documento XML manipulado con ' A code injection vulnerability was found in python-reportlab that may allow an attacker to execute code while parsing a unichar element attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable and could allow remote code execution. • https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHMCB2GJQKFMGVO5RWHN222NQL5XYPHZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HADPTB3SBU7IVRMDK7OL6WSQRU5AFWDZ https://pastebin.com/5MicRrr4 https://access.redhat.com/security/cve/CVE-2019-19450 https://bugzilla.redhat.com/show_bug.cgi?id=2239920 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1CVE-2023-41900 – Jetty's OpenId Revoked authentication allows one request
https://notcve.org/view.php?id=CVE-2023-41900
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. • https://github.com/eclipse/jetty.project/pull/9528 https://github.com/eclipse/jetty.project/pull/9660 https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48 https://security.netapp.com/advisory/ntap-20231110-0004 https://www.debian.org/security/2023/dsa-5507 https://access.redhat.com/security/cve/CVE-2023-41900 https://bugzilla.redhat.com/show_bug.cgi?id=2247052 • CWE-287: Improper Authentication CWE-1390: Weak Authentication •