CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-28131 – Stack exhaustion from deeply nested XML documents in encoding/xml
https://notcve.org/view.php?id=CVE-2022-28131
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. En Decoder.Skip en encoding/xml en Go antes de 1.17.12 y 1.18.x antes de 1.18.4, el agotamiento de la pila y un pánico puede ocurrir a través de un documento XML profundamente anidado A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability. • https://go.dev/cl/417062 https://go.dev/issue/53614 https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://pkg.go.dev/vuln/GO-2022-0521 https://access.redhat.com/security/cve/CVE-2022-28131 https://bugzilla.redhat.com/show_bug.cgi?id=2107390 • CWE-674: Uncontrolled Recursion CWE-1325: Improperly Controlled Sequential Memory Allocation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-35737 – sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API
https://notcve.org/view.php?id=CVE-2022-35737
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. SQLite versiones 1.0.12 hasta 3.39.x anteriores a 3.39.2, permite a veces un desbordamiento de límites de matriz si son usados miles de millones de bytes en un argumento de cadena para una API de C An array-bounds overflow vulnerability was discovered in SQLite. The vulnerability occurs when handling an overly large input passed as a string argument to some of the C-language APIs provided by SQLite. This flaw allows a remote attacker to pass specially crafted large input to the application and perform a denial of service (DoS) attack. • https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api https://kb.cert.org/vuls/id/720344 https://security.gentoo.org/glsa/202210-40 https://security.netapp.com/advisory/ntap-20220915-0009 https://sqlite.org/releaselog/3_39_2.html https://www.sqlite.org/cves.html https://access.redhat.com/security/cve/CVE-2022-35737 https://bugzilla.redhat.com/show_bug.cgi?id=2110291 • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 2CVE-2022-36123
https://notcve.org/view.php?id=CVE-2022-36123
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. El kernel de Linux versiones anteriores a 5.18.13, carece de una determinada operación de borrado para el símbolo de inicio de bloque (.bss). Esto permite a usuarios del SO huésped Xen PV causar una denegación de servicio o conseguir privilegios • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13 https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0 https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884 https://security.netapp.com/advisory/ntap-20220901-0003 https://sick.codes/sick-2022-128 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 2CVE-2022-34526
https://notcve.org/view.php?id=CVE-2022-34526
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. Se ha descubierto un desbordamiento de pila en la función _TIFFVGetField de Tiffsplit v4.4.0. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de un archivo TIFF manipulado analizado por las utilidades "tiffsplit" o "tiffcrop" • https://gitlab.com/libtiff/libtiff/-/issues/433 https://gitlab.com/libtiff/libtiff/-/issues/486 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FC6LWPAEKYJ57LSHX4SBFMLRMLOZTHIJ https://security.netapp.com/advisory/ntap-20220930-0002 https://www.debian.org/security/2023/dsa-5333 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 44EXPL: 0CVE-2022-36879 – kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice
https://notcve.org/view.php?id=CVE-2022-36879
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. Se ha detectado un problema en el kernel de Linux versiones hasta 5.18.14. la función xfrm_expand_policies en el archivo net/xfrm/xfrm_policy.c puede causar que un refcount sea descartado dos veces A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). An error while resolving policies in xfrm_bundle_lookup causes the refcount to drop twice, leading to a possible crash and a denial of service. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901 https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901 https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://security.netapp.com/advisory/ntap-20220901-0007 https://www.debian.org/security/2022/dsa-5207 https://access.redhat.com/security/cve/CVE-2022-36879 https://bugzilla.r • CWE-911: Improper Update of Reference Count •