CVE-2023-28484 – libxml2: NULL dereference in xmlSchemaFixupComplexType
https://notcve.org/view.php?id=CVE-2023-28484
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/491 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4 https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html https://security.netapp.com/advisory/ntap-20230601-0006 https://security.netapp.com/advisory/ntap-20240201-0005 https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVE-2023-29469 – libxml2: Hashing of empty dict strings isn't deterministic
https://notcve.org/view.php?id=CVE-2023-29469
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/510 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4 https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html https://security.netapp.com/advisory/ntap-20230601-0006 https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 • CWE-20: Improper Input Validation CWE-415: Double Free •
CVE-2023-30608 – Parser contains an inefficient regular expression in sqlparse
https://notcve.org/view.php?id=CVE-2023-30608
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. • https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 https://lists.debian.org/debian-lts-announce/2023/05/msg00017.html https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS https://access.redhat.com/security/cve/CVE-2023-30608 https://bugzilla.redhat.com/show_bug.cgi?id=2187903 • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2023-28856 – `HINCRBYFLOAT` can be used to crash a redis-server process
https://notcve.org/view.php?id=CVE-2023-28856
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. • https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c https://github.com/redis/redis/pull/11149 https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6 https://lists.debian.org/debian-lts-announce/2023/04/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQ4DJSO4DMR55AWK6OPVJH5UTEB35R2Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPUTH7NBQTZDVJWFNUD24ZCS6NDUFYS6 https://lists.fedoraproject. • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVE-2023-26049 – Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty
https://notcve.org/view.php?id=CVE-2023-26049
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. • https://github.com/eclipse/jetty.project/pull/9339 https://github.com/eclipse/jetty.project/pull/9352 https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html https://security.netapp.com/advisory/ntap-20230526-0001 https://www.debian.org/security/2023/dsa-5507 https://www.rfc-editor.org/rfc/rfc2965 https://www.rfc-editor.org/rfc/rfc6265 https://access.redhat.com/security/cve/CVE-2023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1286: Improper Validation of Syntactic Correctness of Input •