CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-28390 – kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c
https://notcve.org/view.php?id=CVE-2022-28390
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. La función ems_usb_start_xmit en el archivo drivers/net/can/usb/ems_usb.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación A double-free flaw was found in the Linux kernel in the ems_usb_start_xmit function. This flaw allows an attacker to create a memory leak and corrupt the underlying data structure by calling free more than once. • https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT https://security.netapp.com/advis • CWE-415: Double Free •
CVSS: 9.1EPSS: 1%CPEs: 7EXPL: 0CVE-2022-24790 – HTTP Request Smuggling in puma
https://notcve.org/view.php?id=CVE-2022-24790
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. • https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5 https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9 https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject& • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-1154 – Use after free in utf_ptr2char in vim/vim
https://notcve.org/view.php?id=CVE-2022-1154
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. Un uso de memoria previamente liberada en utf_ptr2char en el repositorio de GitHub vim/vim versiones anteriores a 8.2 A heap use-after-free vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because vim is using a buffer line after it has been freed in the old regexp engine. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory. • https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425 https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL https://secur • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-1160 – heap buffer overflow in get_one_sourceline in vim/vim
https://notcve.org/view.php?id=CVE-2022-1160
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. Un desbordamiento de búfer de la pila en get_one_sourceline en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4647 • https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1122 – openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer
https://notcve.org/view.php?id=CVE-2022-1122
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. Se ha encontrado un fallo en el programa opj2_decompress de openjpeg2 versión 2.4.0, en la forma en que maneja un directorio de entrada con un gran número de archivos. Cuando no asigna un búfer para almacenar los nombres de los archivos del directorio de entrada, llama a free() sobre un puntero no inicializado, conllevando a un fallo de segmentación y una denegación de servicio A flaw was found in the opj2_decompress program in openjpeg2 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. • https://github.com/uclouvain/openjpeg/issues/1368 https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4 https://security.gentoo.org/glsa/202209-04 https: • CWE-665: Improper Initialization CWE-824: Access of Uninitialized Pointer •