CVE-2021-3537 – libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
https://notcve.org/view.php?id=CVE-2021-3537
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. Una vulnerabilidad encontrada en libxml2 en versiones anteriores a 2.9.11 muestra que no propagó errores al analizar el contenido mixto XML, causando una desreferencia de NULL. Si un documento XML que no es confiable fue analizado en modo de recuperación y pos-comprobado, el fallo podría usarse para bloquear la aplicación. • https://bugzilla.redhat.com/show_bug.cgi?id=1956522 https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV https://security.gentoo.org/glsa/202107-05 https://security.netapp.com/advisory/ntap-20210625-0002 https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-476: NULL Pointer Dereference •
CVE-2021-3504 – hivex: Buffer overflow when provided invalid node key length
https://notcve.org/view.php?id=CVE-2021-3504
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability. Se encontró un fallo en hivex library en versiones anteriores a 1.3.20. • https://bugzilla.redhat.com/show_bug.cgi?id=1949687 https://lists.debian.org/debian-lts-announce/2021/05/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5BNKNVYFL36P2GBEB5O36LHFRYU575H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQXTEACRWYAZVNEOIWIYUFGG4GOXSQ22 https://access.redhat.com/security/cve/CVE-2021-3504 • CWE-125: Out-of-bounds Read •
CVE-2021-31916 – kernel: out of bounds array access in drivers/md/dm-ioctl.c
https://notcve.org/view.php?id=CVE-2021-31916
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Se encontró un fallo de escritura de la memoria fuera de límites (OOB) en la función list_devices en el archivo drivers/md/dm-ioctl.c en el módulo de controlador Multi-device en el kernel de Linux versiones anteriores a 5.12. Un fallo de comprobación limitada permite a un atacante con privilegios de usuario especial (CAP_SYS_ADMIN) conseguir acceso a la memoria fuera de límites, conllevando a un bloqueo del sistema o una filtración de información interna del kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=1946965 https://github.com/torvalds/linux/commit/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://seclists.org/oss-sec/2021/q1/268 https://access.redhat.com/security/cve/CVE-2021-31916 • CWE-787: Out-of-bounds Write •
CVE-2021-20254 – samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token
https://notcve.org/view.php?id=CVE-2021-20254
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1949442 https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT https://security.gentoo.org/glsa/202105-22 https://security.netapp.com/advisory/ntap-20210430-0001 https://www.samba.org/samba/security/CVE-2021-20254 • CWE-125: Out-of-bounds Read •
CVE-2021-20208
https://notcve.org/view.php?id=CVE-2021-20208
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. Se encontró un fallo en cifs-utils en versiones anteriores a la 6.13. Cuando un usuario monta un sistema de archivos CIFS krb5 desde un contenedor, puede usar las credenciales de Kerberos del host. • https://bugzilla.redhat.com/show_bug.cgi?id=1921116 https://bugzilla.samba.org/show_bug.cgi?id=14651 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4HSDIWXXNQBUW5ZS37RQMLJ7THK5AS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66WJ3SVBHCSNQZAWSGLB6FBOCFU45FFG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4BZSJXROEFHYATAAHHRR6P3HUSMPQB3 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •