CVE-2023-40186 – IntegerOverflow leading to Out-Of-Bound Write Vulnerability in FreeRDP
https://notcve.org/view.php?id=CVE-2023-40186
An integer overflow vulnerability was found in the `gdi_CreateSurface` function in FreeRDP, which may result in a crash.
• https://github.com/FreeRDP/FreeRDP/blob/fee2b10ba1154f952769a53eb608f044782e22f8/libfreerdp/gdi/gfx.c#L1156-L1165
• https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v
• https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF
• https://lists.fedoraproject.org/archives&
• CWE-190: Integer Overflow or Wraparound
• CWE-787: Out-of-bounds Write
CVE-2023-40181 – Integer-Underflow leading to Out-Of-Bound Read in FreeRDP
https://notcve.org/view.php?id=CVE-2023-40181
Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function.
• https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L256-L261
• https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L334-L355
• https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8
• https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP
• https://lists.fedoraproject.org/archives/list&
• CWE-125: Out-of-bounds Read
• CWE-191: Integer Underflow (Wrap or Wraparound)
CVE-2023-39350 – Incorrect offset calculation leading to denial of service in FreeRDP
https://notcve.org/view.php?id=CVE-2023-39350
Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability.
• https://github.com/FreeRDP/FreeRDP/commit/e204fc8be5a372626b13f66daf2abafe71dbc2dc
• https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh
• https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr
• CWE-191: Integer Underflow (Wrap or Wraparound)
CVE-2023-41185 – Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-41185
Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. ... When parsing the certificate length field, the process does not properly validate user-supplied data, which can result in an integer overflow.
• https://www.zerodayinitiative.com/advisories/ZDI-23-1286
• CWE-190: Integer Overflow or Wraparound
CVE-2023-40022 – Rizin vulnerable to Integer Overflow in C++ demangler logic
https://notcve.org/view.php?id=CVE-2023-40022
Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic, but is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow, assuming the count will always be a multiple of 10.
• https://github.com/rizinorg/rizin/pull/3753
• https://github.com/rizinorg/rizin/security/advisories/GHSA-92h6-wwc2-53cq
• https://github.com/rizinorg/rz-libdemangle/blob/main/src/gnu_v2/cplus-dem.c#L419
• https://github.com/rizinorg/rz-libdemangle/commit/51d016750e704b27ab8ace23c0f72acabca67018
• https://github.com/rizinorg/rz-libdemangle/pull/54
• CWE-190: Integer Overflow or Wraparound