CVE-2019-12900 – bzip2: out-of-bounds write in function BZ2_decompress
https://notcve.org/view.php?id=CVE-2019-12900
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. La función BZ2_decompress en el archivo decompress.c en bzip2 hasta 1.0.6, presenta una escritura fuera de límites cuando hay muchos selectores. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html https://gitlab.com/federicomenaqui • CWE-787: Out-of-bounds Write •
CVE-2019-5598
https://notcve.org/view.php?id=CVE-2019-5598
In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable. n FreeBSD 11.3-PRERELEASE antes de r345378, 12.0-ESTABLE antes de r345377, 11.2-RELEASE antes de 11.2-RELEASE-p10, y 12.0-RELEASE antes de 12.0-RELEASE-p4, un error en pf no verifica si el paquete ICMP exterior o ICMP6 tiene la misma IP de destino que la IP de la fuente del paquete de protocolo interno permitiendo la creación maliciosa de un paquete ICMP / ICMP6 podría eludir las reglas de el Packet Filter y pasar a un host que de lo contrario estará inhabilitado. • http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html http://www.securityfocus.com/bid/108395 https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc https://security.netapp.com/advisory/ntap-20190611-0001 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.synacktiv.com/posts/systems/icmp-reachable.html • CWE-20: Improper Input Validation •
CVE-2019-5597
https://notcve.org/view.php?id=CVE-2019-5597
In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter. En FreeBSD 11.3-PRERELEASE y 12.0-STABLE anterior a r347591, 11.2-RELEASE anterior a 11.2-RELEASE-p10, y 12.0-RELEASE antes de 12.0-RELEASE-p4, un error en la lógica de reensamblado del fragmento pf IPv6 usa incorrectamente la última extensión del encabezado desde el desvío el último paquete recibido en vez del primer paquete permitiendo que los paquetes IPv6 diseñados con fines maliciosos originen un bloqueo o omitan potencialmente el Packet Filter. • http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html http://www.securityfocus.com/bid/108395 https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc https://security.netapp.com/advisory/ntap-20190611-0001 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf • CWE-20: Improper Input Validation •
CVE-2019-9494 – The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks
https://notcve.org/view.php?id=CVE-2019-9494
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. Las implementaciones SAE en hostapd y wpa_supplicant son vulnerables a los ataques de canal lateral (side channel) como resultado de diferencias de tiempo observables y patrones de acceso a la caché. Un atacante puede conseguir información filtrada de un ataque de canal lateral (side channel) que pueda ser usado para la recuperación completa de la contraseña. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ https: • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVE-2019-9495 – The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
https://notcve.org/view.php?id=CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/p • CWE-203: Observable Discrepancy CWE-524: Use of Cache Containing Sensitive Information •