CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0CVE-2023-2898
https://notcve.org/view.php?id=CVE-2023-2898
There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. • https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao%40kernel.org https://security.netapp.com/advisory/ntap-20230929-0002 https://www.debian.org/security/2023/dsa-5480 https://www.debian.org/security/2023/dsa-5492 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32067 – 0-byte UDP payload DoS in c-ares
https://notcve.org/view.php?id=CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. A vulnerability was found in c-ares. • https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7 https://security.gentoo.org/glsa/202310-09 https://security.n • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-31130 – Buffer Underwrite in ares_inet_net_pton()
https://notcve.org/view.php?id=CVE-2023-31130
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. A vulnerability was found in c-ares. • https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7 https://security.gentoo.org/glsa/202310-09 https://security.n • CWE-124: Buffer Underwrite ('Buffer Underflow') CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-2855 – wireshark: Candump log file parser crash
https://notcve.org/view.php?id=CVE-2023-2855
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file La falla del analizador de registros de Candump en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegación de servicio a través de un archivo de captura manipulado A flaw was found in the Candump log file parser of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a buffer overflow, resulting in a denial of service. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2855.json https://gitlab.com/wireshark/wireshark/-/issues/19062 https://security.gentoo.org/glsa/202309-02 https://www.debian.org/security/2023/dsa-5429 https://www.wireshark.org/security/wnpa-sec-2023-12.html https://access.redhat.com/security/cve/CVE-2023-2855 https://bugzilla.redhat.com/show_bug.cgi?id=2210822 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-2854
https://notcve.org/view.php?id=CVE-2023-2854
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file El fallo del analizador de archivos BLF en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegación de servicio a través de un archivo de captura manipulado. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2854.json https://gitlab.com/wireshark/wireshark/-/issues/19084 https://security.gentoo.org/glsa/202309-02 https://www.debian.org/security/2023/dsa-5429 https://www.wireshark.org/security/wnpa-sec-2023-17.html • CWE-787: Out-of-bounds Write •