CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-1999-0199
https://notcve.org/view.php?id=CVE-1999-0199
manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. En el archivo manual/search.texi en la Biblioteca GNU C (también se conoce como glibc) versiones anteriores a 2.2, carece de una declaración sobre el valor de retorno tdelete no especificado al eliminar una raíz de un árbol, lo que podría permitir a atacantes acceder a un puntero colgado en una aplicación cuyo desarrollador no estaba al tanto de un actualización de documentación desde 1999 • https://ftp.gnu.org/gnu/glibc/glibc-2.2.tar.gz https://github.com/bminor/glibc/commit/2864e767053317538feafa815046fff89e5a16be#diff-94e8c502f255fdfc346df0e29fd4ef40 https://www.cee.studio/tdelete.html • CWE-252: Unchecked Return Value •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-24659 – gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent
https://notcve.org/view.php?id=CVE-2020-24659
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. Se detectó un problema en GnuTLS versiones anteriores a 3.6.15. Un servidor puede desencadenar una desreferencia del puntero NULL en un cliente TLS versión 1.3, si una alerta no_renegotiation es enviada con una sincronización no prevista y luego se produce un segundo protocolo de enlace no válido. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html https://gitlab.com/gnutls/gnutls/-/issues/1071 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N https://security.gentoo.org/glsa/202009-01 https://security.netapp.com/adviso • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24240
https://notcve.org/view.php?id=CVE-2020-24240
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. GNU Bison versión 3.7, presenta una vulnerabilidad de uso de la memoria previamente liberada (UAF). Un atacante local puede ejecutar bison con un archivo de entrada diseñado que contiene un byte NULL, lo que podría desencadenar un UAF y, por lo tanto, causar un bloqueo del sistema • https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d https://github.com/akimd/bison/compare/v3.7...v3.7.1 https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 32EXPL: 0CVE-2020-15705 – GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim
https://notcve.org/view.php?id=CVE-2020-15705
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. GRUB2 presenta un fallo al comprobar la firma del kernel cuando se inicia directamente sin cuña, permitiendo que el arranque seguro sea omitido. Esto solo afecta a los sistemas en los que el certificado de firma del kernel ha sido importado directamente a la base de datos de arranque seguro y la imagen de GRUB es iniciada directamente sin el uso de cuña. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html http://ubuntu.com/security/notices/USN-4432-1 http://www.openwall.com/lists/oss-security/2020/07/29/3 http://www.openwall.com/lists/oss-security/2021/03/02/3 http://www.openwall.com/lists/oss-security/2021/09/17/2 http://www.openwall.com/lists/oss-security/2021/09/17/4 http://www.openwall.com/lists/oss-security&#x • CWE-347: Improper Verification of Cryptographic Signature CWE-440: Expected Behavior Violation •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2020-15706 – GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.
https://notcve.org/view.php?id=CVE-2020-15706
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. GRUB2 contiene una condición de carrera en la función grub_script_function_create() que conlleva a una vulnerabilidad de uso de la memoria previamente liberada la cual puede ser desencadenada al redefinir una función mientras la misma función ya se está ejecutando, conllevando a una ejecución de código arbitrario y a una omisión de restricción de arranque seguro. Este problema afecta a GRUB2 versiones 2.04 y versiones anteriores • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html http://ubuntu.com/security/notices/USN-4432-1 http://www.openwall.com/lists/oss-security/2020/07/29/3 https://access.redhat.com/security/vulnerabilities/grub2bootloader https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011 https://security.gentoo.org/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •