CVE-2022-26490
https://notcve.org/view.php?id=CVE-2022-26490
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. • https://github.com/torvalds/linux/commit/4fbcc1a4cb20fe26ad0225679c536c80f1648221 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BG4J46EMFPDD5QHYXDUI3PJCZQ7HQAZR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT https://security.netapp.com/advisory/ntap-20220429-0004 https://www.debian.org/security/2022/dsa-5127 https://www.debian.org/security/20 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-26495
https://notcve.org/view.php?id=CVE-2022-26495
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. • https://lists.debian.org/debian-lts-announce/2022/03/msg00014.html https://lists.debian.org/nbd/2022/01/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU5JFD4PEJED72TZLZ5R2Q2SFXICU5I5 https://security.gentoo.org/glsa/202402-10 • CWE-190: Integer Overflow or Wraparound •
CVE-2022-26505
https://notcve.org/view.php?id=CVE-2022-26505
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. • http://www.openwall.com/lists/oss-security/2022/03/06/1 https://lists.debian.org/debian-lts-announce/2022/04/msg00005.html https://security.gentoo.org/glsa/202311-12 https://sourceforge.net/p/minidlna/git/ci/c21208508dbc131712281ec5340687e5ae89e940 https://www.openwall.com/lists/oss-security/2022/03/03/1 • CWE-290: Authentication Bypass by Spoofing •
CVE-2022-24921 – golang: regexp: stack exhaustion via a deeply nested expression
https://notcve.org/view.php?id=CVE-2022-24921
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service. • https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://security.gentoo.org/glsa/202208-02 https://security.netapp.com/advisory/ntap-20220325-0010 https://access.redhat.com/security/cve/CVE-2022-24921 https:/ • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVE-2022-21716 – Buffer Overflow in Twisted
https://notcve.org/view.php?id=CVE-2022-21716
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations accept an unbounded amount of data for the peer's SSH version identifier. This ends up with a buffer consuming all available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. • https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9 https://github.com/twisted/twisted/releases/tag/twisted-22.2.0 https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-770: Allocation of Resources Without Limits or Throttling •