CVE-2016-3119 – krb5: null pointer dereference in kadmin
https://notcve.org/view.php?id=CVE-2016-3119
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
A NULL pointer dereference flaw was found in the MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module.
• http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html
• http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html
• http://rhn.redhat.com/errata/RHSA-2016-2591.html
• http://www.securityfocus.com/bid/85392
• http://www.securitytracker.com/id/1035399
• https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
• https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
• https://access.redhat.com/security/cve/CVE-2016-3119
• https://bugzilla.redhat.com/show_bug&
• CWE-476: NULL Pointer Dereference
CVE-2016-2315 – git: path_name() integer truncation and overflow leading to buffer overflow
https://notcve.org/view.php?id=CVE-2016-2315
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.
• http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html
• http://lists.opensuse.org/opensuse-security-announce
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-194: Unexpected Sign Extension
CVE-2016-2324 – git: path_name() integer truncation and overflow leading to buffer overflow
https://notcve.org/view.php?id=CVE-2016-2324
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.
• http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html
• http://lists.opensuse.org/opensuse-security-announce
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-194: Unexpected Sign Extension
CVE-2016-2851 – libotr 4.1.0 - Memory Corruption
https://notcve.org/view.php?id=CVE-2016-2851
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
A remote attacker may crash or execute arbitrary code in libotr by sending large OTR messages. While processing specially crafted messages, attacker-controlled data on the heap is written out of bounds. No special user interaction or authorization is necessary in default configurations. libotr versions 4.1.0 and below are affected.
• https://www.exploit-db.com/exploits/39550
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html
• http://seclists.org/fulldisclosure/2016/Mar/21
• http://www.debian.org/security/2016/dsa-3512
• http://www.securityfocus.com/archive/1/537745/100/0/threaded
• http://www.securityfocus.com/bid/84285
• http://www.ubuntu.com/usn/USN-2926-1
• https://lists.cypherpunks.ca/pipermail/otr-users/2016-Mar
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0787 – libssh2: bits/bytes confusion resulting in truncated Diffie-Hellman secret length
https://notcve.org/view.php?id=CVE-2016-0787
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.
• http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177980.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178573.html
• http://lists.opensuse.org/opensuse-updates/2016-03/msg00008.html
• http://www.debian.org/security/2016/dsa-3487
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
• http://www.securityfocus.com/bid/82514
• https://bto.bluecoat.com/security-advisory/sa120
• https://kc.mcafee.com/corporate/index?page=content&id=SB10156
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-704: Incorrect Type Conversion or Cast