CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32686 – Denial of Service in PJSIP
https://notcve.org/view.php?id=CVE-2021-32686
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. • https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd https://github.com/pjsip/pjproject/pull/2716 https://github.com/pjsip/pjproject/releases/tag/2.11.1 https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html https://security.gentoo.org/glsa/202210-37 https://www.debian.org/security/2021/dsa-4999 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 1CVE-2021-32558
https://notcve.org/view.php?id=CVE-2021-32558
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur. Se ha detectado un problema en Sangoma Asterisk versiones: 13.x anteriores a 13.38.3, versiones 16.x anteriores a 16.19.1, versiones 17.x anteriores a 17.9.4, y versiones 18.x anteriores a 18.5.1, y Certified Asterisk versiones anteriores a 16.8-cert10. Si el controlador del canal IAX2 recibe un paquete que contiene un formato de medios no compatible, puede ocurrir un bloqueo • http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html http://seclists.org/fulldisclosure/2021/Jul/49 https://downloads.asterisk.org/pub/security/AST-2021-008.html https://issues.asterisk.org/jira/browse/ASTERISK-29392 https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html https://www.debian.org/security/2021/dsa-4999 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 1CVE-2021-22924 – curl: Bad connection reuse due to flawed path name checks
https://notcve.org/view.php?id=CVE-2021-22924
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. libcurl mantiene las conexiones usadas previamente en un pool de conexiones para reusarlas en posteriores transferencias, si una de ellas coincide con la configuración. Debido a errores en la lógica, la función de coincidencia de la configuración no tenía en cuenta "issuercert" y comparaba las rutas implicadas *sin tener en cuenta el caso*, que podía conllevar a que libcurl reusara conexiones erróneas. Las rutas de los archivos son, o pueden ser, casos confidenciales en muchos sistemas, pero no en todos, y pueden incluso variar dependiendo de los sistemas de archivos usados. La comparación tampoco incluía el "issuercert" que una transferencia puede ajustar para calificar cómo verificar el certificado del servidor A flaw was found in libcurl in the way libcurl handles previously used connections without accounting for 'issuer cert' and comparing the involved paths case-insensitively. This flaw allows libcurl to use the wrong connection. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf https://hackerone.com/reports/1223565 https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0c • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-35063
https://notcve.org/view.php?id=CVE-2021-35063
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." Suricata versiones anteriores a 5.0.7 y versiones 6.x anteriores a 6.0.3, presenta una "evasión crítica" • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990835 https://bugzilla.redhat.com/show_bug.cgi?id=1980453 https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489 https://github.com/OISF/suricata/releases https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JU27J2ZYG6FBDL5CERE6FBB4ZFGHOROE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEP7PWY4LRT2R4MFLV7JIJRYZEZ7RQFL https://security-tracker.debian.org/tracker/ •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2021-32761 – Integer overflow issues with *BIT commands on 32-bit systems
https://notcve.org/view.php?id=CVE-2021-32761
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. • https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD https://security.gentoo.org/glsa/202209-17 https://security.netapp&# • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •