CVE-2023-3576 – Libtiff: memory leak in tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-3576
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. Se encontró una falla de pérdida de memoria en la utilidad tiffcrop de Libatiff. Este problema se produce cuando tiffcrop opera en un archivo de imagen TIFF, lo que permite a un atacante pasar un archivo de imagen TIFF manipulado a la utilidad tiffcrop, lo que provoca este problema de pérdida de memoria, un bloqueo de la aplicación y, finalmente, una denegación de servicio. • https://access.redhat.com/errata/RHSA-2023:6575 https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2023-43804 – `Cookie` HTTP header isn't stripped on cross-origin redirects
https://notcve.org/view.php?id=CVE-2023-43804
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. urllib3 es una librería cliente HTTP fácil de usar para Python. urllib3 no trata el encabezado HTTP "Cookie" de manera especial ni proporciona ayuda para administrar las cookies a través de HTTP, eso es responsabilidad del usuario. Sin embargo, es posible que un usuario especifique un encabezado "Cookie" y, sin saberlo, filtre información a través de redireccionamientos HTTP a un origen diferente si ese usuario no deshabilita los redireccionamientos explícitamente. Este problema se solucionó en urllib3 versión 1.26.17 o 2.0.5. • https://github.com/JawadPy/CVE-2023-43804-Exploit https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5 https://lists.fedoraproject.org/archives/list/package-announc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-43785 – Libx11: out-of-bounds memory access in _xkbreadkeysyms()
https://notcve.org/view.php?id=CVE-2023-43785
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. Se encontró una vulnerabilidad en libX11 debido a una condición de los límite dentro de la función _XkbReadKeySyms(). Esta falla permite a un usuario local desencadenar un error de lectura fuera de los límites y leer el contenido de la memoria del sistema. • https://access.redhat.com/errata/RHSA-2024:2145 https://access.redhat.com/errata/RHSA-2024:2973 https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://security.netapp.com/advisory/ntap-20231103-0006 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2023-43786 – Libx11: stack exhaustion from infinite recursion in putsubimage()
https://notcve.org/view.php?id=CVE-2023-43786
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. Se encontró una vulnerabilidad en libX11 debido a un bucle infinito dentro de la función PutSubImage(). Esta falla permite que un usuario local consuma todos los recursos disponibles del sistema y provoque una condición de denegación de servicio. • https://github.com/jfrog/jfrog-CVE-2023-43786-libX11_DoS http://www.openwall.com/lists/oss-security/2024/01/24/9 https://access.redhat.com/errata/RHSA-2024:2145 https://access.redhat.com/errata/RHSA-2024:2973 https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ https://security.netapp.com/advisory/ntap-20231103-000 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2023-43787 – Libx11: integer overflow in xcreateimage() leading to a heap overflow
https://notcve.org/view.php?id=CVE-2023-43787
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. Se encontró una vulnerabilidad en libX11 debido a un desbordamiento de enteros dentro de la función XCreateImage(). Esta falla permite a un usuario local desencadenar un desbordamiento de enteros y ejecutar código arbitrario con privilegios elevados. • http://www.openwall.com/lists/oss-security/2024/01/24/9 https://access.redhat.com/errata/RHSA-2024:2145 https://access.redhat.com/errata/RHSA-2024:2973 https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two https://security.netapp.com/advisory/ntap-20231103-0006 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •