CVE-2019-13616 – SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c
https://notcve.org/view.php?id=CVE-2019-13616
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. hasta 2.0.9, presenta una lectura excesiva del búfer en la región heap de la memoria en BlitNtoN en el archivo video/SDL_blit_N.c cuando es llamado desde SDL_SoftBlit en el archivo video/SDL_blit.c. A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html https://access.redhat.com/errata/RHSA-2019:3950 https:/ • CWE-125: Out-of-bounds Read •
CVE-2019-10192 – redis: Heap buffer overflow in HyperLogLog triggered by malicious client
https://notcve.org/view.php?id=CVE-2019-10192
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. Se detectó una vulnerabilidad de desbordamiento del búfer de la pila en hyperloglog data structure versiones 3.x anteriores a 3.2.13, versiones 4.x anteriores a 4.0.14 y versiones 5.x anteriores a 5.0.4 de Redis. Por la corrupción cuidadosa de un hyperloglog usando el comando SETRANGE, un atacante podría engañar la interpretación de Redis de codificación HLL densa para escribir hasta 3 bytes más allá del final de un búfer asignado a la pila. A heap buffer overflow vulnerability was found in the Redis HyperLogLog data structure. • http://www.securityfocus.com/bid/109290 https://access.redhat.com/errata/RHSA-2019:1819 https://access.redhat.com/errata/RHSA-2019:1860 https://access.redhat.com/errata/RHSA-2019:2002 https://access.redhat.com/errata/RHSA-2019:2506 https://access.redhat.com/errata/RHSA-2019:2508 https://access.redhat.com/errata/RHSA-2019:2621 https://access.redhat.com/errata/RHSA-2019:2630 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192 https://raw.githubusercontent.com/antir • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-10193 – redis: Stack buffer overflow in HyperLogLog triggered by malicious client
https://notcve.org/view.php?id=CVE-2019-10193
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. Se detectó una vulnerabilidad de desbordamiento del búfer de la pila en hyperloglog data structure de Redis en las versiones 3.x anteriores a 3.2.13, versiones 4.x anteriores a 4.0.14 y versiones 5.x anteriores a 5.0.4. Por la corrupción de un hiperloglog usando el comando SETRANGE, un atacante podría causar que Redis realizara incrementos controlados de hasta 12 bytes más allá del final de un búfer asignado a la pila. A stack buffer overflow vulnerability was found in the Redis HyperLogLog data structure. • http://www.securityfocus.com/bid/109290 https://access.redhat.com/errata/RHSA-2019:1819 https://access.redhat.com/errata/RHSA-2019:2002 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193 https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES https://seclists.org/bugtraq/2019/Jul/19 https://security.gentoo.org/glsa/201908-0 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-12527 – squid: heap-based buffer overflow in HttpHeader::getAuth
https://notcve.org/view.php?id=CVE-2019-12527
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data. Se detectó un problema en Squid versiones 4.0.23 hasta 4.7. Al comprobar la autenticación básica con la función HttpHeader::getAuth, Squid utiliza un búfer global para almacenar los datos descodificados. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html http://www.securityfocus.com/bid/109143 http://www.squid-cache.org/Versions/v4/changesets http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch https://access.redhat.com/errata/RHSA-2019:2593 https://github.com/squid-cache/squid/commits/v4 https://lists.fedoraproject.org/archives/list/package-announce%40li • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-13313 – Libosinfo: osinfo-install-script option leaks password via command line argument
https://notcve.org/view.php?id=CVE-2019-13313
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line. libosinfo versión 1.5.0, permite a los usuarios locales descubrir credenciales mediante la enumeración de un proceso, porque las credenciales son pasadas en un script de instalación de osinfo por medio de la línea de comandos. A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing. • http://www.openwall.com/lists/oss-security/2019/07/08/3 https://access.redhat.com/errata/RHSA-2019:3387 https://gitlab.com/libosinfo/libosinfo/-/tags https://gitlab.com/libosinfo/libosinfo/blob/master/NEWS https://libosinfo.org/download https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AZU4IPPIR73NYC6E733QR26O5ZI6MMKJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZUZKC6YK4E3NXM7XKZOXY5X5PJSPIR https://lists.fedoraproject • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •