CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 1CVE-2022-45061 – python: CPU denial of service via inefficient IDNA decoder
https://notcve.org/view.php?id=CVE-2022-45061
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. • https://github.com/python/cpython/issues/98433 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNS • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-39377 – sysstat Incorrect Buffer Size calculation on 32-bit systems results in RCE via buffer overflow
https://notcve.org/view.php?id=CVE-2022-39377
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. sysstat es un conjunto de herramientas de rendimiento del System para el sistema operativo Linux. • https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6F26ALXWYHT4LN2AHPZM34OQEXTJE3JZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X6WKTODOUDV6M3HZMASYNZP6EM4N7W4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHUVUDIVDJZ7AVXD3XX3NBXXXKPOKN3N https://security.gentoo.org& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2022-42920 – Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
https://notcve.org/view.php?id=CVE-2022-42920
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0. Apache Commons BCEL tiene una serie de API que normalmente solo permitirían cambiar características de clase específicas. • http://www.openwall.com/lists/oss-security/2022/11/07/2 https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LX3HEB4TV2BVCGDTK5BCLSYOZNQTOBN4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QAMRHAKGIKZNHRBB4VLYTOIOIMMXCUCD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMVX6COVXZVS5GPWDODIRW6Z2GE7RPAQ https://security.gentoo.org/glsa/202401-25 https: • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-42919 – python: local privilege escalation via the multiprocessing forkserver start method
https://notcve.org/view.php?id=CVE-2022-42919
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. • https://github.com/python/cpython/compare/v3.10.8...v3.10.9 https://github.com/python/cpython/compare/v3.9.15...v3.9.16 https://github.com/python/cpython/issues/97514 https://github.com/python/cpython/issues/97514#issuecomment-1310277840 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKGCQPIVHEAIJ77R3RSNSQWYBUDVWDKU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2LHWWEI5OBQ6RELULMVU6KMDYG4WZXH https://lists.fedo • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2022-44638 – pixman: Integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write
https://notcve.org/view.php?id=CVE-2022-44638
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. En libpixman en Pixman anterior a 0.42.2, hay una escritura fuera de límites (también conocida como desbordamiento de búfer basado en montón) en rasterize_edges_8 debido a un desbordamiento de enteros en pixman_sample_floor_y. A flaw was found in pixman. This issue causes an out-of-bounds write in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. This can result in data corruption, a crash, or code execution. pixman versions prior to 0.42.2 suffer from an out-of-bounds write vulnerability in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. • http://packetstormsecurity.com/files/170121/pixman-pixman_sample_floor_y-Integer-Overflow.html http://www.openwall.com/lists/oss-security/2022/11/05/1 https://gitlab.freedesktop.org/pixman/pixman/-/issues/63 https://lists.debian.org/debian-lts-announce/2022/11/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •