CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2023-0668 – Wireshark IEEE-C37.118 parsing buffer overflow
https://notcve.org/view.php?id=CVE-2023-0668
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. Debido a un fallo en la validación de la longitud proporcionada por un atacante de paquetes IEEE-C37.118, Wireshark v4.0.5 y anteriores, por defecto, es susceptible a un desbordamiento de búfer de la pila, y posiblemente la ejecución de código en el contexto del proceso que ejecuta Wireshark. A flaw was found in the IEEE C37.118 Synchrophasor dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a buffer overflow, resulting in a denial of service. • https://gitlab.com/wireshark/wireshark/-/issues/19087 https://security.gentoo.org/glsa/202309-02 https://takeonme.org/cves/CVE-2023-0668.html https://www.debian.org/security/2023/dsa-5429 https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html https://www.wireshark.org/security/wnpa-sec-2023-19.html https://access.redhat.com/security/cve/CVE-2023-0668 https://bugzilla.redhat.com/show_bug.cgi?id=2210835 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-28709 – Apache Tomcat: Fix for CVE-2023-24998 is incomplete
https://notcve.org/view.php?id=CVE-2023-28709
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. • http://www.openwall.com/lists/oss-security/2023/05/22/1 https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j https://security.gentoo.org/glsa/202305-37 https://security.netapp.com/advisory/ntap-20230616-0004 https://www.debian.org/security/2023/dsa-5521 https://access.redhat.com/security/cve/CVE-2023-28709 https://bugzilla.redhat.com/show_bug.cgi?id=2210321 • CWE-193: Off-by-one Error •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2023-2124 – kernel: OOB access in the Linux kernel's XFS subsystem
https://notcve.org/view.php?id=CVE-2023-2124
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1&id=22ed903eee23a5b174e240f1cdfa9acf393a5210 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20230622-0010 https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e https://www.debian.org/security/2023/dsa-5448 https://www.debian.org/security/2023/dsa-5480 https://access.redhat.com/security/cve/CVE-2023-2124 https&# • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-31490 – frr: missing length check in bgp_attr_psid_sub() can lead do DoS
https://notcve.org/view.php?id=CVE-2023-31490
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. Un problema encontrado en Frrouting bgpd v.8.4.2 permite a un atacante remoto causar una denegación de servicio a través de la función bgp_attr_psid_sub(). A flaw was found in frr that may allow a remote attacker to cause a denial of service via the bgp_attr_psid_sub function. • https://github.com/FRRouting/frr/issues/13099 https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4 https://www.debian.org/security/2023/dsa-5495 https • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40302 – frr: denial of service by crafting a BGP OPEN message with an option of type 0xff
https://notcve.org/view.php?id=CVE-2022-40302
An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. Se descubrió un problema en bgpd en FRRouting (FRR) a través de 8.4. Al crear un mensaje BGP OPEN con una opción de tipo 0xff (longitud extendida de RFC 9072), los atacantes pueden provocar una denegación de servicio (error de aserción y reinicio del servicio, o lectura fuera de los límites). • https://github.com/FRRouting/frr/releases https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://www.debian.org/security/2023/dsa-5495 https://access.redhat.com/security/cve/CVE-2022-40302 https://bugzilla.redhat.com/show_bug.cgi?id=2196090 • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •