CVE-2020-14311 – grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14311
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. Se presenta un problema con grub2 versiones anteriores a 2.06, mientras se maneja un symlink en los sistemas de archivos ext. Un sistema de archivos que contiene un enlace simbólico con un tamaño de inode de UINT32_MAX causa un desbordamiento aritmético conllevando a una asignación de memoria de tamaño cero con el posterior desbordamiento del búfer en la región heap de la memoria A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html http://www.openwall.com/lists/oss-security/2021/09/17/2 http://www.openwall.com/lists/oss-security/2021/09/17/4 http://www.openwall.com/lists/oss-security/2021/09/21/1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14311 https://security.gentoo.org/glsa/202104-05 https://usn.ubuntu.com/4432-1 https://acce • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVE-2020-14310 – grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14310
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. Se presenta un problema en grub2 versiones anteriores a 2.06, en la función read_section_as_string(). Se espera que el nombre de la fuente sea una longitud máxima UINT32_MAX - 1 en bytes, pero no lo verifica antes de proceder con la asignación del búfer para leer el valor desde el valor de la fuente. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14310 https://security.gentoo.org/glsa/202104-05 https://usn.ubuntu.com/4432-1 https://access.redhat.com/security/cve/CVE-2020-14310 https://bugzilla.redhat.com/show_bug.cgi?id=1852030 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVE-2019-15604 – nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string
https://notcve.org/view.php?id=CVE-2019-15604
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate Una Comprobación Inapropiada del Certificado en Node.js versiones 10, 12 y 13, causa que el proceso se aborte cuando se envía un certificado X.509 diseñado. An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html https://access.redhat.com/errata/RHSA-2020:0573 https://access.redhat.com/errata/RHSA-2020:0579 https://access.redhat.com/errata/RHSA-2020:0597 https://access.redhat.com/errata/RHSA-2020:0598 https://access.redhat.com/errata/RHSA-2020:0602 https://hackerone.com/reports/746733 https://nodejs.org/en/blog/release/v10.19.0 https://nodejs.org/en/blog/release/v12.15.0 https://nodejs.org/en/b • CWE-172: Encoding Error CWE-295: Improper Certificate Validation •
CVE-2019-15605 – nodejs: HTTP request smuggling using malformed Transfer-Encoding header
https://notcve.org/view.php?id=CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed El tráfico no autorizado de peticiones HTTP en Node.js versiones 10, 12 y 13, causa la entrega maliciosa de la carga útil cuando la codificación de transferencia es malformada. A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html https://access.redhat.com/errata/RHSA-2020:0573 https://access.redhat.com/errata/RHSA-2020:0579 https://access.redhat.com/errata/RHSA-2020:0597 https://access.redhat.com/errata/RHSA-2020:0598 https://access.redhat.com/errata/RHSA-2020:0602 https://access.redhat.com/errata/RHSA-2020:0703 https://access.redhat.com/errata/RHSA-2020:0707 https://access.redhat.com/errata/RHSA-2020:0708 https://hackerone& • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2020-6851 – openjpeg: Heap-based buffer overflow in opj_t1_clbl_decode_processor()
https://notcve.org/view.php?id=CVE-2020-6851
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. OpenJPEG hasta la versión 2.3.1 tiene un desbordamiento de búfer basado en almacenamiento dinámico en opj_t1_clbl_decode_processor en openjp2 / t1.c debido a la falta de validación de opj_j2k_update_image_dimensions. A heap-based buffer overflow flaw was found in openjpeg in the opj_t1_clbl_decode_processor in libopenjp2.so. Affecting versions through 2.3.1, the highest threat from this vulnerability is to file confidentiality and integrity as well as system availability. • https://access.redhat.com/errata/RHSA-2020:0262 https://access.redhat.com/errata/RHSA-2020:0274 https://access.redhat.com/errata/RHSA-2020:0296 https://github.com/uclouvain/openjpeg/issues/1228 https://lists.debian.org/debian-lts-announce/2020/01/msg00025.html https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V https://lists.fedoraproject.org/archives/list/pa • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •