CVE-2023-34256
https://notcve.org/view.php?id=CVE-2023-34256
An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access. Se ha descubierto un problema en el kernel de Linux en las versiones anteriores a 6.3.3. Hay una lectura fuera de límites en crc16 en "lib/crc16.c" cuando se llama dese "fs/ext4/super.c" porque "ext4_group_desc_csum" no comprueba correctamente un desplazamiento. • https://bugzilla.suse.com/show_bug.cgi?id=1211895 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321 • CWE-125: Out-of-bounds Read •
CVE-2023-2650 – Possible DoS translating ASN.1 object identifiers
https://notcve.org/view.php?id=CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. • http://www.openwall.com/lists/oss-security/2023/05/30/1 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-2952 – wireshark: XRA dissector infinite loop
https://notcve.org/view.php?id=CVE-2023-2952
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file El bucle infinito del disector XRA en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegación de servicio mediante la inyección de paquetes o un archivo de captura manipulado A flaw was found in the XRA dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing an infinite loop, resulting in a denial of service. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2952.json https://gitlab.com/wireshark/wireshark/-/issues/19100 https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html https://security.gentoo.org/glsa/202309-02 https://www.debian.org/security/2023/dsa-5429 https://www.wireshark.org/security/wnpa-sec-2023-20.html https://access.redhat.com/security/cve/CVE-2023-2952 https://bugzilla.redhat.com/show_bug.cgi?id=2211406 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2023-32307 – heap-over-flow and integer-overflow in sofia-sip
https://notcve.org/view.php?id=CVE-2023-32307
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade. • https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c https://lists.debian.org/debian-lts-announce/2023/06/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OY66DOQ3B7GULJTI66X5HNX5FU3P65CX https://www.debian.org/security/2023/dsa-5431 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2023-2002 – Kernel: bluetooth: Unauthorized management command execution
https://notcve.org/view.php?id=CVE-2023-2002
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. • https://github.com/lrh2000/CVE-2023-2002 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240202-0004 https://www.debian.org/security/2023/dsa-5480 https://www.openwall.com/lists/oss-security/2023/04/16/3 https://access.redhat.com/security/cve/CVE-2023-2002 https://bugzilla.redhat.com/show_bug.cgi?id=2187308 • CWE-250: Execution with Unnecessary Privileges CWE-863: Incorrect Authorization •