CVE-2021-3527
https://notcve.org/view.php?id=CVE-2021-3527
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service. Se encontró un fallo en el dispositivo redirector USB (usb-redir) de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1955695 https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210708-0008 https://www.openwall.com/lists/oss-security/ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2020-36331 – libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c
https://notcve.org/view.php?id=CVE-2020-36331
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró una lectura fuera de límites en la función ChunkAssignData. • http://seclists.org/fulldisclosure/2021/Jul/54 https://bugzilla.redhat.com/show_bug.cgi?id=1956856 https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html https://security.netapp.com/advisory/ntap-20211112-0001 https://support.apple.com/kb/HT212601 https://www.debian.org/security/2021/dsa-4930 https://access.redhat.com/security/cve/CVE-2020-36331 • CWE-125: Out-of-bounds Read •
CVE-2020-36330 – libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c
https://notcve.org/view.php?id=CVE-2020-36330
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró una lectura fuera de límites en la función ChunkVerifyAndAssign. • http://seclists.org/fulldisclosure/2021/Jul/54 https://bugzilla.redhat.com/show_bug.cgi?id=1956853 https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html https://security.netapp.com/advisory/ntap-20211104-0004 https://support.apple.com/kb/HT212601 https://www.debian.org/security/2021/dsa-4930 https://access.redhat.com/security/cve/CVE-2020-36330 • CWE-125: Out-of-bounds Read •
CVE-2020-36329 – libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c
https://notcve.org/view.php?id=CVE-2020-36329
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró un uso de la memoria previamente liberada debido a que un subproceso se eliminó demasiado pronto. • http://seclists.org/fulldisclosure/2021/Jul/54 https://bugzilla.redhat.com/show_bug.cgi?id=1956843 https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html https://security.netapp.com/advisory/ntap-20211112-0001 https://support.apple.com/kb/HT212601 https://www.debian.org/security/2021/dsa-4930 https://access.redhat.com/security/cve/CVE-2020-36329 • CWE-416: Use After Free •
CVE-2020-36328 – libwebp: heap-based buffer overflow in WebPDecode*Into functions
https://notcve.org/view.php?id=CVE-2020-36328
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Un desbordamiento del búfer en la región heap de la memoria en la función WebPDecodeRGBInto es posible debido a una verificación no válida del tamaño del búfer. • http://seclists.org/fulldisclosure/2021/Jul/54 https://bugzilla.redhat.com/show_bug.cgi?id=1956829 https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html https://security.netapp.com/advisory/ntap-20211112-0001 https://support.apple.com/kb/HT212601 https://www.debian.org/security/2021/dsa-4930 https://access.redhat.com/security/cve/CVE-2020-36328 • CWE-787: Out-of-bounds Write •