CVE-2023-39947 – Another heap overflow in push_back_helper
https://notcve.org/view.php?id=CVE-2023-39947
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270 (the patch for CVE-2023-39946), malformed PID_PROPERTY_LIST parameters still cause a heap overflow, at a different program counter from the first issue. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue.
References:
  https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc
  https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv
  https://www.debian.org/security/2023/dsa-5481
CWE-122: Heap-based Buffer Overflow
CWE-787: Out-of-bounds Write
CVE-2023-39946 – Heap overflow in push_back_helper due to a CDR message
https://notcve.org/view.php?id=CVE-2023-39946
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 (which contain the fix), the heap can be overflowed by sending a PID_PROPERTY_LIST parameter that contains a CDR string whose length field is larger than the content actually present. In eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper, memcpy is called twice: first to copy the octet'ized length, then to copy the string data into properties_.data. At the second memcpy, both the source data and the size are controlled by whoever sends the CDR string to the discovery multicast port, so no authentication or prior session is required. This can remotely crash any Fast-DDS process.
References:
  https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc
  https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx
  https://www.debian.org/security/2023/dsa-5481
CWE-122: Heap-based Buffer Overflow
CWE-787: Out-of-bounds Write
CVE-2023-39945 – Malformed serialized data in a data submessage leads to unhandled exception
https://notcve.org/view.php?id=CVE-2023-39945
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to the PDP (Participant Discovery Protocol) port with malformed serialized data raises a BadParamException inside fastcdr; fastdds does not catch it, so the exception unwinds out of the receive path and terminates the process. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue.
References:
  https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-exception-20230509-02.pcap
  https://github.com/eProsima/Fast-CDR/blob/v1.0.26/src/cpp/Cdr.cpp#L72-L79
  https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9
  https://www.debian.org/security/2023/dsa-5481
CWE-248: Uncaught Exception
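The three Fast-DDS entries above (CVE-2023-39947, CVE-2023-39946 and CVE-2023-39945) share one root cause: deserialization of attacker-supplied discovery data either trusts a length field before copying, or lets the resulting exception escape to the process. The following is an added illustration written for this page, not Fast-DDS or Fast-CDR code. Every name in it is hypothetical (CdrReader, PropertyList, parse_property_list), little-endian CDR encapsulation is assumed, and the property list is modelled as a u32 pair count followed by (name, value) CDR strings; the sample messages are constructed, not captured traffic.

```cpp
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>

// Added illustration, not Fast-DDS or Fast-CDR code. All names are hypothetical;
// little-endian CDR and a (name, value) string-pair layout are assumed.

// Plays the role of fastcdr's BadParamException: raised on malformed input.
struct BadParamException : std::runtime_error {
    using std::runtime_error::runtime_error;
};

// Minimal CDR reader: u32 length prefix (counting the trailing NUL) then the bytes.
struct CdrReader {
    const uint8_t* data;
    size_t size;
    size_t pos = 0;

    uint32_t read_u32() {
        if (size - pos < 4) throw BadParamException("truncated u32");
        uint32_t v = uint32_t(data[pos]) | (uint32_t(data[pos + 1]) << 8) |
                     (uint32_t(data[pos + 2]) << 16) | (uint32_t(data[pos + 3]) << 24);
        pos += 4;
        return v;
    }

    // The declared length is compared with the bytes actually left in the message
    // before anything is copied. Omitting this check is what lets a CDR string whose
    // length field exceeds its content drive memcpy with an attacker-chosen size.
    std::string read_string() {
        uint32_t len = read_u32();
        if (len == 0 || len > size - pos) throw BadParamException("bad string length");
        if (data[pos + len - 1] != 0) throw BadParamException("string not NUL-terminated");
        std::string s(reinterpret_cast<const char*>(data + pos), len - 1);
        pos += len;
        return s;
    }
};

// Flat octet store of [u32 len][bytes] records, as the advisory describes properties_.
struct PropertyList {
    std::vector<uint8_t> properties_;
    size_t count = 0;

    // Two memcpy calls, length first then data, but only for a string that has
    // already been validated, and only after the buffer has been grown to fit.
    void push_back_helper(const std::string& s) {
        uint32_t len = uint32_t(s.size() + 1);               // CDR length includes the NUL
        uint8_t lenbuf[4] = {uint8_t(len), uint8_t(len >> 8), uint8_t(len >> 16), uint8_t(len >> 24)};
        size_t old = properties_.size();
        properties_.resize(old + 4 + len);
        std::memcpy(properties_.data() + old, lenbuf, 4);
        std::memcpy(properties_.data() + old + 4, s.c_str(), len); // c_str() carries the NUL
        ++count;
    }
};

// Parse a PID_PROPERTY_LIST-style payload: u32 pair count, then (name, value) CDR strings.
// A malformed payload is rejected with false instead of escaping as an exception
// (the CVE-2023-39945 failure mode) or overrunning the heap (CVE-2023-39946/39947).
bool parse_property_list(const uint8_t* payload, size_t size, PropertyList& out) {
    CdrReader rd{payload, size};
    try {
        uint32_t pairs = rd.read_u32();   // each pair consumes >= 10 bytes, so bounded by size
        for (uint32_t i = 0; i < pairs; ++i) {
            std::string name = rd.read_string();
            std::string value = rd.read_string();
            out.push_back_helper(name);
            out.push_back_helper(value);
        }
        return true;
    } catch (const BadParamException&) {
        out = PropertyList{};             // drop partial state; the caller discards the message
        return false;
    }
}

// Constructed sample messages (not captured traffic).
static void put_u32(std::vector<uint8_t>& v, uint32_t x) {
    for (int i = 0; i < 4; ++i) v.push_back(uint8_t(x >> (8 * i)));
}
static void put_cdr_string(std::vector<uint8_t>& v, const std::string& s) {
    put_u32(v, uint32_t(s.size() + 1));
    v.insert(v.end(), s.begin(), s.end());
    v.push_back(0);
}

std::vector<uint8_t> well_formed_payload() {
    std::vector<uint8_t> v;
    put_u32(v, 1);
    put_cdr_string(v, "name");
    put_cdr_string(v, "value");
    return v;                              // 23 bytes
}

// Length field claims close to 4 GiB but only two bytes of content follow.
std::vector<uint8_t> malformed_payload() {
    std::vector<uint8_t> v;
    put_u32(v, 1);
    put_u32(v, 0xFFFFFFF0u);
    v.push_back('a');
    v.push_back('b');
    return v;
}
```

The two properties a reviewer should look for in any DDS deserializer are visible here: every length read from the wire is bounded by the bytes remaining before it is used as a copy size, and the exception the decoder throws is caught at the message boundary so one bad multicast packet costs a dropped message rather than the whole participant.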
CVE-2023-39534 – Malformed GAP submessage triggers assertion failure
https://notcve.org/view.php?id=CVE-2023-39534
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger an assertion failure in the sequence-number handling of the stateful reader, crashing FastDDS. Versions 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue.
References:
  https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-assert-230509.pcap
  https://github.com/eProsima/Fast-DDS/blob/v2.9.1/include/fastdds/rtps/common/SequenceNumber.h#L238-L252
  https://github.com/eProsima/Fast-DDS/blob/v2.9.1/src/cpp/rtps/reader/StatefulReader.cpp#L863
  https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp
  https://www.debian.org/security/2023/dsa-5481
CWE-617: Reachable Assertion
CVE-2023-39418 – Postgresql: merge fails to enforce update or select row security policies
https://notcve.org/view.php?id=CVE-2023-39418
A vulnerability was found in PostgreSQL in the handling of the MERGE command, which fails to test newly inserted rows against the row security policies defined for UPDATE and SELECT. If the UPDATE and SELECT policies forbid some rows that the INSERT policies do not forbid, a user could store such rows via MERGE even though a direct UPDATE or SELECT of them would be denied.
References:
  https://access.redhat.com/errata/RHSA-2023:7785
  https://access.redhat.com/errata/RHSA-2023:7883
  https://access.redhat.com/errata/RHSA-2023:7884
  https://access.redhat.com/errata/RHSA-2023:7885
  https://access.redhat.com/security/cve/CVE-2023-39418
  https://bugzilla.redhat.com/show_bug.cgi?id=2228112
  https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
  https://security.netapp.com/advisory/ntap-20230915-0002
  https://www.debian.org/security