CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-1587 – pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
https://notcve.org/view.php?id=CVE-2022-1587
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. Se ha detectado una vulnerabilidad de lectura fuera de límites en la biblioteca PCRE2 en la función get_recurse_data_length() del archivo pcre2_jit_compile.c. Este problema afecta a las recursiones en expresiones regulares compiladas en JIT causadas por transferencias de datos duplicadas • https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 2CVE-2022-1158 – kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
https://notcve.org/view.php?id=CVE-2022-1158
A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. Se ha encontrado un fallo en KVM. Cuando era actualizada la entrada de la tabla de páginas de un huésped, vm_pgoff era usado incorrectamente como desplazamiento para obtener el pfn de la página. • https://bugzilla.redhat.com/show_bug.cgi?id=2069793 https://security.netapp.com/advisory/ntap-20230214-0003 https://www.openwall.com/lists/oss-security/2022/04/08/4 https://access.redhat.com/security/cve/CVE-2022-1158 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0934 – dnsmasq: Heap use after free in dhcp6_no_relay
https://notcve.org/view.php?id=CVE-2022-0934
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. En dnsmasq ha sido encontrado un fallo de escritura/uso de memoria previamente liberada de un byte no arbitrario. Este fallo permite a un atacante que envíe un paquete diseñado procesado por dnsmasq, causando potencialmente una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-0934 https://bugzilla.redhat.com/show_bug.cgi?id=2057075 https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=03345ecefeb0d82e3c3a4c28f27c3554f0611b39 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2021-3669 – kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts
https://notcve.org/view.php?id=CVE-2021-3669
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. Se ha encontrado un fallo en el kernel de Linux. La medición del uso de la memoria compartida no escala con grandes recuentos de segmentos de memoria compartida, lo que podría conllevar a el agotamiento de recursos y el DoS. • https://access.redhat.com/security/cve/CVE-2021-3669 https://bugzilla.redhat.com/show_bug.cgi?id=1980619 https://bugzilla.redhat.com/show_bug.cgi?id=1986473 https://security-tracker.debian.org/tracker/CVE-2021-3669 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-4213 – JSS: memory leak in TLS connection leads to OOM
https://notcve.org/view.php?id=CVE-2021-4213
A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service. Se ha encontrado un fallo en JSS, que no libera apropiadamente toda la memoria. Con el tiempo, la memoria desperdiciada es acumulada en la memoria del servidor, saturando la RAM del mismo. • https://access.redhat.com/security/cve/CVE-2021-4213 https://bugzilla.redhat.com/show_bug.cgi?id=2042900 https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2 https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448 https://security-tracker.debian.org/tracker/CVE-2021-4213 • CWE-401: Missing Release of Memory after Effective Lifetime •