CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-40283 – kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
https://notcve.org/view.php?id=CVE-2023-40283
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. A flaw was found in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.htm • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-39949 – Improper validation of sequence numbers leading to remotely reachable assertion failure
https://notcve.org/view.php?id=CVE-2023-39949
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue. eprosima Fast DDS es una implementación en C++ del estándar Data Distribution Service del Object Management Group. Antes de las versiones 2.9.1 y 2.6.5, una validación incorrecta de los números de secuencia puede provocar un fallo de aserción alcanzable remotamente. • https://github.com/eProsima/Fast-DDS/blob/v2.9.0/src/cpp/rtps/messages/MessageReceiver.cpp#L1059 https://github.com/eProsima/Fast-DDS/issues/3236 https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg https://www.debian.org/security/2023/dsa-5481 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-39948 – Uncaught fastcdr exception (Unexpected CDR type received) crashing fastdds
https://notcve.org/view.php?id=CVE-2023-39948
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue. eprosima Fast DDS es una implementación en C++ del estándar Data Distribution Service del Object Management Group. Antes de las versiones 2.10.0 y 2.6.5, la `BadParamException` lanzada por Fast CDR no es capturada en Fast DDS. • https://github.com/eProsima/Fast-DDS/files/11117197/fastdds-assert.pcap.zip https://github.com/eProsima/Fast-DDS/issues/3422 https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f https://www.debian.org/security/2023/dsa-5481 • CWE-248: Uncaught Exception •
CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-39947 – Another heap overflow in push_back_helper
https://notcve.org/view.php?id=CVE-2023-39947
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue. eprosima Fast DDS es una implementación en C++ del estándar Data Distribution Service del Object Management Group. Antes de las versiones 2.11.1, 2.10.2, 2.9.2, y 2.6.6, incluso después de la corrección en el commit 3492270, los parámetros malformados `PID_PROPERTY_LIST` causan desbordamiento de heap en un contador de programa diferente. • https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv https://www.debian.org/security/2023/dsa-5481 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-39946 – Heap overflow in push_back_helper due to a CDR message
https://notcve.org/view.php?id=CVE-2023-39946
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. In `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`, `memcpy` is called to first copy the octet'ized length and then to copy the data into `properties_.data`. At the second memcpy, both `data` and `size` can be controlled by anyone that sends the CDR string to the discovery multicast port. This can remotely crash any Fast-DDS process. • https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx https://www.debian.org/security/2023/dsa-5481 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •