CVE-2022-32208 – curl: FTP-KRB bad message verification
https://notcve.org/view.php?id=CVE-2022-32208
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Cuando curl versiones anteriores a 7.84.0, hace transferencias FTP aseguradas por krb5, maneja inapropiadamente los fallos de verificación de mensajes. Este fallo hace posible que un ataque de tipo Man-In-The-Middle pase desapercibido e incluso permite inyectar datos al cliente A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://hackerone.com/reports/1590071 https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220915-0003 https://support.apple.com/kb/HT213488 https://www.debian.org/security/2022/ • CWE-787: Out-of-bounds Write CWE-840: Business Logic Errors CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVE-2022-32205
https://notcve.org/view.php?id=CVE-2022-32205
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. Un servidor malicioso puede servir cantidades excesivas de encabezados "Set-Cookie:" en una respuesta HTTP a curl y curl versiones anteriores a 7.84.0 las almacena todas. Una cantidad suficientemente grande de cookies (grandes) hace que las subsiguientes peticiones HTTP a este, o a otros servidores con los que coincidan las cookies, creen peticiones que superen el umbral que curl usa internamente para evitar el envío de peticiones locamente grandes (1048576 bytes) y en su lugar devuelva un error. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf https://hackerone.com/reports/1569946 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220915-0003 https://support.apple.com/kb/HT213488 https://www.debian.org/security/2022/dsa- • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-32207 – curl: Unpreserved file permissions
https://notcve.org/view.php?id=CVE-2022-32207
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. Cuando curl versiones anteriores a 7.84.0, guarda datos de cookies, alt-svc y hsts en archivos locales, hace que la operación sea atómica al finalizar la operación con un renombramiento de un nombre temporal al nombre final del archivo de destino. En esa operación de renombramiento, podría accidentalmente *ampliar* los permisos del archivo de destino, dejando el archivo actualizado accesible a más usuarios de los previstos A vulnerability was found in curl. This issue occurs because when curl saves cookies, alt-svc, and HSTS data to local files, it makes the operation atomic by finalizing the process with a rename from a temporary name to the final target file name. This flaw leads to unpreserved file permissions, either by mistake or by a malicious actor. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://hackerone.com/reports/1573634 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220915-0003 https://support.apple.com/kb/HT213488 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-32207 http • CWE-276: Incorrect Default Permissions CWE-281: Improper Preservation of Permissions CWE-840: Business Logic Errors •
CVE-2022-2124 – Buffer Over-read in vim/vim
https://notcve.org/view.php?id=CVE-2022-2124
Buffer Over-read in GitHub repository vim/vim prior to 8.2. Una Lectura Excesiva del Búfer en el repositorio GitHub vim/vim versiones anteriores a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 http://seclists.org/fulldisclosure/2022/Oct/45 https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42 https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVE-2022-2125 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-2125
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Un Desbordamiento de Búfer en la Región Heap de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 http://seclists.org/fulldisclosure/2022/Oct/45 https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN https://lists.fedoraproject.org/archives/list/package-announce%40lists • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •