CVE-2023-31137 – MaraDNS Integer Underflow Vulnerability in DNS Packet Decompression
https://notcve.org/view.php?id=CVE-2023-31137
MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination. The vulnerability exists in the `decomp_get_rddata` function within the `Decompress.c` file. When handling a DNS packet with an Answer RR of qtype 16 (TXT record) and any qclass, if the `rdlength` is smaller than `rdata`, the result of the line `Decompress.c:886` is a negative number `len = rdlength - total;`. This value is then passed to the `decomp_append_bytes` function without proper validation, causing the program to attempt to allocate a massive chunk of memory that is impossible to allocate. Consequently, the program exits with an error code of 64, causing a Denial of Service. One proposed fix for this vulnerability is to patch `Decompress.c:887` by breaking `if(len <= 0)`, which has been incorporated in version 3.5.0036 via commit bab062bde40b2ae8a91eecd522e84d8b993bab58. • https://github.com/samboy/MaraDNS/blob/08b21ea20d80cedcb74aa8f14979ec7c61846663/dns/Decompress.c#L886 https://github.com/samboy/MaraDNS/commit/bab062bde40b2ae8a91eecd522e84d8b993bab58 https://github.com/samboy/MaraDNS/security/advisories/GHSA-58m7-826v-9c3c https://lists.debian.org/debian-lts-announce/2023/06/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VSMLJX25MXGQ6A7UPOGK7VPUVDESPHL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NB7 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2023-31490 – frr: missing length check in bgp_attr_psid_sub() can lead do DoS
https://notcve.org/view.php?id=CVE-2023-31490
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. Un problema encontrado en Frrouting bgpd v.8.4.2 permite a un atacante remoto causar una denegación de servicio a través de la función bgp_attr_psid_sub(). A flaw was found in frr that may allow a remote attacker to cause a denial of service via the bgp_attr_psid_sub function. • https://github.com/FRRouting/frr/issues/13099 https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4 https://www.debian.org/security/2023/dsa-5495 https • CWE-20: Improper Input Validation •
CVE-2023-2156 – Linux Kernel IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-2156
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the RPL protocol. • http://www.openwall.com/lists/oss-security/2023/05/17/8 http://www.openwall.com/lists/oss-security/2023/05/17/9 http://www.openwall.com/lists/oss-security/2023/05/18/1 http://www.openwall.com/lists/oss-security/2023/05/19/1 https://bugzilla.redhat.com/show_bug.cgi?id=2196292 https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html https://security.netapp.com/advisory/ntap-20230622-0001 https://www.debian.org/security/2023/dsa-5448 https:// • CWE-617: Reachable Assertion •
CVE-2022-40302 – frr: denial of service by crafting a BGP OPEN message with an option of type 0xff
https://notcve.org/view.php?id=CVE-2022-40302
An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. Se descubrió un problema en bgpd en FRRouting (FRR) a través de 8.4. Al crear un mensaje BGP OPEN con una opción de tipo 0xff (longitud extendida de RFC 9072), los atacantes pueden provocar una denegación de servicio (error de aserción y reinicio del servicio, o lectura fuera de los límites). • https://github.com/FRRouting/frr/releases https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://www.debian.org/security/2023/dsa-5495 https://access.redhat.com/security/cve/CVE-2022-40302 https://bugzilla.redhat.com/show_bug.cgi?id=2196090 • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVE-2022-40318 – frr: denial of service by crafting a BGP OPEN message with an option of type in bgp_open_option_parse in the bgp_open.c 0xff
https://notcve.org/view.php?id=CVE-2022-40318
An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. Se descubrió un problema en bgpd en FRRouting (FRR) hasta 8.4. • https://github.com/FRRouting/frr/releases https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://www.debian.org/security/2023/dsa-5495 https://access.redhat.com/security/cve/CVE-2022-40318 https://bugzilla.redhat.com/show_bug.cgi?id=2196091 • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •