CVE-2023-4147 – Kernel: netfilter: nf_tables_newrule when adding a rule with nfta_rule_chain_id leads to use-after-free
https://notcve.org/view.php?id=CVE-2023-4147
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. Se encontró una falla de use-after-free en la funcionalidad Netfilter del kernel de Linux al agregar una regla con NFTA_RULE_CHAIN_ID. Esta falla permite a un usuario local bloquear o escalar sus privilegios en el sistema. • https://access.redhat.com/errata/RHSA-2023:5069 https://access.redhat.com/errata/RHSA-2023:5091 https://access.redhat.com/errata/RHSA-2023:5093 https://access.redhat.com/errata/RHSA-2023:7382 https://access.redhat.com/errata/RHSA-2023:7389 https://access.redhat.com/errata/RHSA-2023:7411 https://access.redhat.com/security/cve/CVE-2023-4147 https://bugzilla.redhat.com/show_bug.cgi?id=2225239 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ • CWE-416: Use After Free •
CVE-2022-2127 – Samba: out-of-bounds read in winbind auth_crap
https://notcve.org/view.php?id=CVE-2022-2127
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. • https://access.redhat.com/errata/RHSA-2023:6667 https://access.redhat.com/errata/RHSA-2023:7139 https://access.redhat.com/errata/RHSA-2024:0423 https://access.redhat.com/errata/RHSA-2024:0580 https://access.redhat.com/security/cve/CVE-2022-2127 https://bugzilla.redhat.com/show_bug.cgi?id=2222791 https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC https:& • CWE-125: Out-of-bounds Read •
CVE-2023-34432 – Heap-buffer-overflow in src/formats_i.c
https://notcve.org/view.php?id=CVE-2023-34432
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. • https://access.redhat.com/security/cve/CVE-2023-34432 https://bugzilla.redhat.com/show_bug.cgi?id=2212291 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-34318 – Heap-buffer-overflow in src/hcom.c
https://notcve.org/view.php?id=CVE-2023-34318
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. • https://access.redhat.com/security/cve/CVE-2023-34318 https://bugzilla.redhat.com/show_bug.cgi?id=2212283 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-32627 – Floating point exception in src/voc.c
https://notcve.org/view.php?id=CVE-2023-32627
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. • https://access.redhat.com/security/cve/CVE-2023-32627 https://bugzilla.redhat.com/show_bug.cgi?id=2212282 https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html • CWE-697: Incorrect Comparison CWE-1077: Floating Point Comparison with Incorrect Operator •