CVE-2016-9842 – zlib: Undefined left shift of negative number
https://notcve.org/view.php?id=CVE-2016-9842
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. La función inflateMark en inflate.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado a través de vectores que implican cambios a la izquierda de enteros negativos. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/95131 http://www.securitytracker.com/id/1039427 https:/ •
CVE-2016-7055 – openssl: Carry propagating bug in Montgomery multiplication
https://notcve.org/view.php?id=CVE-2016-7055
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/94242 http://www.securitytracker.com/id/1037261 https://access.redhat.com/errata/RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2187 https://h20566.www2.hpe.com/hpsc/doc/public • CWE-682: Incorrect Calculation •
CVE-2016-5172 – chromium-browser: arbitrary memory read in v8
https://notcve.org/view.php?id=CVE-2016-5172
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code. El analizador en Google V8, como se usa en Google Chrome en versiones anteriores a 53.0.2785.113, no maneja correctamente alcances, lo que permite a atacantes remotos obtener información sensible desde localizaciones de memoria arbitrarias a través de un código JavaScript manipulado. • http://rhn.redhat.com/errata/RHSA-2016-1905.html http://www.debian.org/security/2016/dsa-3667 http://www.securityfocus.com/bid/92942 http://www.securitytracker.com/id/1036826 https://codereview.chromium.org/2077283004 https://crbug.com/616386 https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html https://security.gentoo.org/glsa/201610-09 https://access.redhat.com/security/cve/CVE-2016-5172 https://bugzilla.redhat.com/show_bug.cgi?id=13758 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •