Page 51 of 412 results (0.015 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-40318 – frr: denial of service by crafting a BGP OPEN message with an option of type in bgp_open_option_parse in the bgp_open.c 0xff

https://notcve.org/view.php?id=CVE-2022-40318

An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. Se descubrió un problema en bgpd en FRRouting (FRR) hasta 8.4. • https://github.com/FRRouting/frr/releases https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://www.debian.org/security/2023/dsa-5495 https://access.redhat.com/security/cve/CVE-2022-40318 https://bugzilla.redhat.com/show_bug.cgi?id=2196091 • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-43681 – frr: out-of-bounds read exists in the BGP daemon of FRRouting

https://notcve.org/view.php?id=CVE-2022-43681

An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. Existe una lectura fuera de los límites en el daemon BGP de FRRouting FRR hasta 8.4. Al enviar un mensaje BGP OPEN con formato incorrecto que termina con el octeto de longitud de la opción (o la palabra de longitud de la opción, en el caso de un mensaje OPEN extendido), el código FRR se lee fuera de los límites del paquete, lanzando una señal SIGABRT y saliendo. • https://forescout.com https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://www.debian.org/security/2023/dsa-5495 https://access.redhat.com/security/cve/CVE-2022-43681 https://bugzilla.redhat.com/show_bug.cgi?id=2196088 • CWE-125: Out-of-bounds Read •

CVSS: 4.4EPSS: 0%CPEs: 17EXPL: 0

CVE-2023-2269 – kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos

https://notcve.org/view.php?id=CVE-2023-2269

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. • https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63AJUCJTZCII2JMAF7MGZEM66KY7IALT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBLBKW2WM5YSTS6OGEU5SYHXSJ5EWSTV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXHBLWYNSUBS77TYPOJTADPDXKBH2F4U https://lore.kernel.org/lkml • CWE-413: Improper Resource Locking CWE-667: Improper Locking •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-31084 – kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible

https://notcve.org/view.php?id=CVE-2023-31084

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8c75e4a1b325ea0a9433fa8834be97b5836b946 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HIEOLEOURP4BJZMIL7UGGPYRRB44UDN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AOATNX5UFL7V7W2QDIQKOHFFHYKWFP4W https://lore.kernel.org/all/CA •

CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0

CVE-2023-26049 – Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty

https://notcve.org/view.php?id=CVE-2023-26049

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. • https://github.com/eclipse/jetty.project/pull/9339 https://github.com/eclipse/jetty.project/pull/9352 https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html https://security.netapp.com/advisory/ntap-20230526-0001 https://www.debian.org/security/2023/dsa-5507 https://www.rfc-editor.org/rfc/rfc2965 https://www.rfc-editor.org/rfc/rfc6265 https://access.redhat.com/security/cve/CVE-2023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1286: Improper Validation of Syntactic Correctness of Input •