CVE-2022-27379 – mariadb: server crash in component arg_comparator::compare_real_fixed
https://notcve.org/view.php?id=CVE-2022-27379
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Se ha detectado un problema en el componente Arg_comparator::compare_real_fixed de MariaDB Server versiones v10.6.2 y anteriores, que permite a atacantes causar una Denegación de Servicio (DoS) por medio de sentencias SQL especialmente diseñadas A flaw was found in MariaDB. The component, Arg_comparator::compare_real_fixed, allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, affecting availability. • https://jira.mariadb.org/browse/MDEV-26353 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://security.netapp.com/advisory/ntap-20220526-0005 https://access.redhat.com/security/cve/CVE-2022-27379 https://bugzilla.redhat.com/show_bug.cgi?id=2074951 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-27377 – mariadb: use-after-poison when complex conversion is involved in blob
https://notcve.org/view.php?id=CVE-2022-27377
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. Se ha detectado que MariaDB Server versiones v10.6.3 y anteriores, contienen un uso de memoria previamente liberada en el componente Item_func_in::cleanup(), que es explotada por medio de sentencias SQL especialmente diseñadas A flaw was found in the MariaDB Server, where it contains a use-after-free in the component, Item_func_in::cleanup(). This issue is exploited via specially crafted SQL statements, affecting availability. • https://jira.mariadb.org/browse/MDEV-26281 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://security.netapp.com/advisory/ntap-20220526-0007 https://access.redhat.com/security/cve/CVE-2022-27377 https://bugzilla.redhat.com/show_bug.cgi?id=2074947 • CWE-416: Use After Free •
CVE-2022-27376 – mariadb: assertion failure in Item_args::walk_arg
https://notcve.org/view.php?id=CVE-2022-27376
MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. Se ha detectado que MariaDB Server versiones v10.6.5 y anteriores, contienen un uso de memoria previamente liberada en el componente Item_args::walk_arg, que es explotada por medio de sentencias SQL especialmente diseñadas A use-after-free flaw was found in Maria DB. The MariaDB Server contains a use-after-free in the component, Item_args::walk_arg, which is exploited via specially crafted SQL statements, affecting availability. • https://jira.mariadb.org/browse/MDEV-26354 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html https://security.netapp.com/advisory/ntap-20220519-0007 https://access.redhat.com/security/cve/CVE-2022-27376 https://bugzilla.redhat.com/show_bug.cgi?id=2074817 • CWE-416: Use After Free CWE-617: Reachable Assertion •
CVE-2018-25032 – zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
https://notcve.org/view.php?id=CVE-2018-25032
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. zlib versiones anteriores a 1.2.12 permite la corrupción de memoria al desinflar (es decir, al comprimir) si la entrada tiene muchas coincidencias distantes An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written can overwrite the distance symbol table which it overlays. This issue results in corrupted output due to invalid distances, which leads to out-of-bound access, corrupting the memory and potentially crashing the application. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/38 http://www.openwall.com/lists/oss-security/2022/03/25/2 http://www.openwall.com/lists/oss-security/2022/03/26/1 https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 https://github.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-0778 – Infinite loop in BN_mod_sqrt() reachable when parsing certificates
https://notcve.org/view.php?id=CVE-2022-0778
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. • https://github.com/drago-96/CVE-2022-0778 https://github.com/jkakavas/CVE-2022-0778-POC https://github.com/0xUhaw/CVE-2022-0778 https://github.com/jeongjunsoo/CVE-2022-0778 http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/38 https://cert-portal.siemens.com/productcert/pdf/ssa-712 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •