Page 4 of 105 results (0.011 seconds)

CVSS: 8.1EPSS: 10%CPEs: 40EXPL: 2

CVE-2021-22901 – curl: Use-after-free in TLS session handling when using OpenSSL TLS backend

https://notcve.org/view.php?id=CVE-2021-22901

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. curl versiones 7.75.0 hasta 7.76.1 sufre de una vulnerabilidad de uso de la memoria previamente liberada que resulta en el uso de memoria ya liberada cuando un ticket de sesión TLS 1.3 llega a través de una conexión. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf https://curl.se/docs/CVE-2021-22901.html https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 https://hackerone.com/reports/1180380 https://security.netapp.com/advisory/ntap-20210723-0001 https://security.netapp.com/advisory/ntap-20210727-0007 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022. • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 2

CVE-2020-25673

https://notcve.org/view.php?id=CVE-2020-25673

A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. Se encontró una vulnerabilidad en el kernel de Linux en la que el socket non-blocking en la función llcp_sock_connect() conduce a un filtrado de información y eventualmente bloquea el sistema • http://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS https://security.netapp.com/advisory/ntap-20210702-0008 https://www.openwall.com/lists/oss-security/2020 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 2

CVE-2020-25671

https://notcve.org/view.php?id=CVE-2020-25671

A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el Kernel de Linux, donde un filtrado de refcount en la función llcp_sock_connect() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios • http://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.or • CWE-416: Use After Free •

CVSS: 8.7EPSS: 0%CPEs: 22EXPL: 1

CVE-2021-22543 – Improper memory handling in Linux KVM

https://notcve.org/view.php?id=CVE-2021-22543

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. Se detectó un problema en Linux: KVM mediante del manejo inapropiado de Los vmas VM_IO|VM_PFNMAP en KVM pueden omitir unas comprobaciones RO y puede conllevar a que las páginas sean liberadas mientras el VMM y el invitado aún pueden acceder a ellas. Esto permite a usuarios con la capacidad de iniciar y controlar una máquina virtual leer y escribir páginas aleatorias de memoria y puede resultar en una escalada de privilegios local A flaw was found in the Linux kernel’s KVM implementation, where improper handing of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of memory, resulting in local privilege escalation. • http://www.openwall.com/lists/oss-security/2021/06/26/1 https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI77 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0

CVE-2020-25672

https://notcve.org/view.php?id=CVE-2020-25672

A memory leak vulnerability was found in Linux kernel in llcp_sock_connect Se encontró una vulnerabilidad de pérdida de memoria en el kernel de Linux en la función llcp_sock_connect • http://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.or • CWE-401: Missing Release of Memory after Effective Lifetime •