CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2021-43618 – gmp: Integer overflow and resultant buffer overflow via crafted input
https://notcve.org/view.php?id=CVE-2021-43618
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. GNU Multiple Precision Arithmetic Library (GMP) versiones hasta 6.2.1, presenta un desbordamiento de enteros mpz/inp_raw.c y un desbordamiento de búfer resultante por medio de una entrada diseñada, conllevando a un fallo de segmentación en plataformas de 32 bits A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability. • http://seclists.org/fulldisclosure/2022/Oct/8 http://www.openwall.com/lists/oss-security/2022/10/13/3 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html https://security.gentoo.org/glsa/202309-13 https://security.netapp.com/advisory/ntap-20221111-0001 https://access.redhat.com/security/cve/CVE-2021-43618&# • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2021-3760
https://notcve.org/view.php?id=CVE-2021-3760
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. Se ha encontrado un fallo en el kernel de Linux. Una vulnerabilidad de uso de memoria previamente liberada en la pila NFC puede conllevar a una amenaza a la confidencialidad, integridad y disponibilidad del sistema • https://bugzilla.redhat.com/show_bug.cgi?id=2000585 https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://security.netapp.com/advisory/ntap-20220318-0007 https://www.debian.org/security/2022/dsa-5096 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 18EXPL: 3CVE-2021-43267 – kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
https://notcve.org/view.php?id=CVE-2021-43267
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. Se ha detectado un problema en el archivo net/tipc/crypto.c en el kernel de Linux versiones anteriores a 5.14.16. La funcionalidad Transparent Inter-Process Communication (TIPC) permite a atacantes remotos explotar una comprobación insuficiente de los tamaños suministrados por el usuario para el tipo de mensaje MSG_CRYPTO A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system. • https://github.com/zzhacked/CVE-2021-43267 https://github.com/DarkSprings/CVE-2021-43267-POC http://www.openwall.com/lists/oss-security/2022/02/10/1 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16 https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVWL7HZV5T5OEKJPO2D67RMFMKBBXGGB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message&# • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-2021-43057
https://notcve.org/view.php?id=CVE-2021-43057
An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.14.8. Un uso de memoria previamente liberada en la función selinux_ptrace_traceme (también conocido como el manejador de SELinux para PTRACE_TRACEME) podría ser usado por atacantes locales para causar una corrupción de memoria y escalar privilegios, también se conoce como CID-a3727a8bac0a. • https://bugs.chromium.org/p/project-zero/issues/detail?id=2229 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3727a8bac0a9e77c70820655fd8715523ba3db7 https://security.netapp.com/advisory/ntap-20211125-0001 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 51EXPL: 0CVE-2021-25219 – Lame cache can be abused to severely degrade resolver performance
https://notcve.org/view.php?id=CVE-2021-25219
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing. En BIND versiones 9.3.0 posteriores a 9.11.35, versiones 9.12.0 posteriores a 9.16.21, y en versiones 9.9.3-S1 posteriores a 9.11.35-S1 y versiones 9.16.8-S1 posteriores a 9.16.21-S1 de BIND Supported Preview Edition, así como en las versiones 9.17.0 -> 9.17.18 de la rama de desarrollo de BIND 9.17, una explotación de servidores autoritativos rotos usando un fallo en el procesamiento de respuestas puede causar una degradación en el rendimiento del resolver BIND. La forma en que está diseñada actualmente la caché de lame hace posible que sus estructuras de datos internas crezcan casi infinitamente, lo que puede causar retrasos significativos en el procesamiento de las consultas de los clientes A flaw was found in the way bind processes broken responses from authoritative servers. This caching mechanism could be abused by an attacker to significantly degrade resolver performance. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://kb.isc.org/v1/docs/cve-2021-25219 https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EF4NAVRV4H3W4GA3LGGZYUKD3HSJBAVW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGV7SA27CTYLGFJSPUM3V36ZWK7WWDI4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTKC4E3HUOLYN5 • CWE-20: Improper Input Validation •