Page 48 of 240 results (0.011 seconds)

CVSS: 5.9EPSS: 0%CPEs: 14EXPL: 1

CVE-2023-28320

https://notcve.org/view.php?id=CVE-2023-28320

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. • http://seclists.org/fulldisclosure/2023/Jul/47 http://seclists.org/fulldisclosure/2023/Jul/48 http://seclists.org/fulldisclosure/2023/Jul/52 https://hackerone.com/reports/1929597 https://security.gentoo.org/glsa/202310-12 https://security.netapp.com/advisory/ntap-20230609-0009 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 1

CVE-2023-28321 – curl: IDN wildcard match may lead to Improper Cerificate Validation

https://notcve.org/view.php?id=CVE-2023-28321

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. A flaw was found in the Curl package. • http://seclists.org/fulldisclosure/2023/Jul/47 http://seclists.org/fulldisclosure/2023/Jul/48 http://seclists.org/fulldisclosure/2023/Jul/52 https://hackerone.com/reports/1950627 https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK https://security.gentoo • CWE-295: Improper Certificate Validation •

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 1

CVE-2023-30774 – libtiff: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value

https://notcve.org/view.php?id=CVE-2023-30774

A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. • http://seclists.org/fulldisclosure/2023/Oct/24 https://access.redhat.com/security/cve/CVE-2023-30774 https://bugzilla.redhat.com/show_bug.cgi?id=2187139 https://gitlab.com/libtiff/libtiff/-/issues/463 https://security.netapp.com/advisory/ntap-20230703-0002 https://support.apple.com/kb/HT213984 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-28200

https://notcve.org/view.php?id=CVE-2023-28200

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213673 https://support.apple.com/en-us/HT213675 https://support.apple.com/en-us/HT213677 https://support.apple.com/kb/HT213843 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1

CVE-2022-3970 – LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow

https://notcve.org/view.php?id=CVE-2022-3970

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://oss-fuzz.com/download?testcase_id=5738253143900160 https://security.netapp.com/advisory/ntap-20221215-0009 https://support.apple.com/kb/HT213841 https://support.apple.com/kb/HT213843 https://vuldb.com/?id.213549 https://access.redhat.com/security/cve/CVE-2022-3970 https • CWE-189: Numeric Errors CWE-680: Integer Overflow to Buffer Overflow •