CVE-2017-1000158
https://notcve.org/view.php?id=CVE-2017-1000158
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) CPython (también conocido como Python) hasta la versión 2.7.13 es vulnerable a un desbordamiento de enteros en la función PyString_DecodeEscape en stringobject.c, lo que resulta en un desbordamiento de búfer basado en memoria dinámica (heap) y, posiblemente, la ejecución de código arbitrario. • http://www.securitytracker.com/id/1039890 https://bugs.python.org/issue30657 https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html https://security.gentoo.org/glsa/201805-02 https://security.netapp.com/advisory/ntap-20230216-0001 https://www.debian.org/security/2018/ • CWE-190: Integer Overflow or Wraparound •
CVE-2017-9233
https://notcve.org/view.php?id=CVE-2017-9233
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. Una vulnerabilidad de XML External Entity (XEE) en libexpat versión 2.2.0 y anteriores (Expat XML Parser Library) permite que los atacantes consigan que el analizador entre en un bucle infinito utilizando una definición de entidad externa mal formada desde una DTD externa. • http://www.debian.org/security/2017/dsa-3898 http://www.openwall.com/lists/oss-security/2017/06/17/7 http://www.securityfocus.com/bid/99276 http://www.securitytracker.com/id/1039427 https://github.com/libexpat/libexpat/blob/master/expat/Changes https://libexpat.github.io/doc/cve-2017-9233 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40% • CWE-611: Improper Restriction of XML External Entity Reference CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2016-9063
https://notcve.org/view.php?id=CVE-2016-9063
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. Desbordamiento de enteros durante el análisis de XML mediante la biblioteca Expat. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 http://www.securitytracker.com/id/1039427 https://bugzilla.mozilla.org/show_bug.cgi?id=1274777 https://www.debian.org/security/2017/dsa-3898 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-190: Integer Overflow or Wraparound •
CVE-2016-5636 – python: Heap overflow in zipimporter module
https://notcve.org/view.php?id=CVE-2016-5636
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función get_data en zipimport.c en CPython (también conocido como Python) en versiones anteriores a 2.7.12, 3.x en versiones anteriores a 3.4.5 y 3.5.x en versiones anteriores a 3.5.2 permite a atacantes remotos tener impacto no especificado a través de un valor de tamaño de datos negativo, lo que desencadena un desbordamiento de búfer basado en memoria dinámica. A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later "import" statement could cause a heap overflow, leading to arbitrary code execution. • https://github.com/insuyun/CVE-2016-5636 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2016-2586.html http://www.openwall.com/lists/oss-security/2016/06/15/15 http://www.openwall.com/lists/oss-security/2016/06/16/1 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91247 http://www.securitytracker.com/id/1038138 http://www.splunk.com/view/SP-CAAAP • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVE-2016-2183 – SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
https://notcve.org/view.php?id=CVE-2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. Los cifrados DES y Triple DES, como se usan en los protocolos TLS, SSH e IPSec y otros protocolos y productos, tienen una cota de cumpleaños de aproximadamente cuatro mil millones de bloques, lo que facilita a atacantes remotos obtener datos de texto plano a través de un ataque de cumpleaños contra una sesión cifrada de larga duración, según lo demostrado por una sesión HTTPS usando Triple DES en modo CBC, también conocido como un ataque "Sweet32". A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. IBM Informix Dynamic Server suffers from dll injection, PHP code injection, and heap buffer overflow vulnerabilities. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •