CVSS: 8.1EPSS: 1%CPEs: 8EXPL: 0CVE-2021-20305 – nettle: Out of bounds memory access in signature verification
https://notcve.org/view.php?id=CVE-2021-20305
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en Nettle en versiones anteriores a 3.7.2, donde varias funciones de comprobación de firma de Nettle (GOST DSA, EDDSA y ECDSA) resultan en la función de multiplicación del punto Elliptic Curve Cryptography (ECC) ser llamados con escaladores fuera de rango, posiblemente resultando en resultados incorrectos. Este fallo permite a un atacante forzar una firma no válida, causando un fallo de aserción o una posible validación. • https://bugzilla.redhat.com/show_bug.cgi?id=1942533 https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63 https://security.gentoo.org/glsa/202105-31 https://security.netapp.com/advisory/ntap-20211022-0002 https://www.debian.org/security/2021/dsa-4933 https://access.redhat.com/security/cve/CVE-2021-20305 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 205EXPL: 0CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. • http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148 https://kb.pulse • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 1CVE-2021-20231 – gnutls: Use after free in client key_share extension
https://notcve.org/view.php?id=CVE-2021-20231
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. Se encontró un defecto en gnutls. Un uso de la memoria previamente liberada en el cliente que envía la extensión key_share puede conllevar a una corrupción de la memoria y otras consecuencias A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1922276 https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E https://lists.apach • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 1CVE-2021-22884 – nodejs: DNS rebinding in --inspect
https://notcve.org/view.php?id=CVE-2021-22884
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. Node.js versiones anteriores a 10.24.0, 12.21.0, 14.16.0 y 15.10.0, es vulnerable a unos ataques de reenlace de DNS, ya que la lista blanca incluye “localhost6”. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1069487 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ https://nodejs.org/en/blog/vulnerability/february-2021-security-releases& • CWE-20: Improper Input Validation CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20220 – undertow: Possible regression in fix for CVE-2020-10687
https://notcve.org/view.php?id=CVE-2021-20220
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1923133 https://security.netapp.com/advisory/ntap-20220210-0013 https://access.redhat.com/security/cve/CVE-2021-20220 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •