CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42863 – webkitgtk: memory corruption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-42863
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de corrupción de la memoria con una gestión de estado mejorada. Este problema se solucionó en Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 y iPadOS 16.2, watchOS 9.2. • http://seclists.org/fulldisclosure/2022/Dec/20 http://seclists.org/fulldisclosure/2022/Dec/23 http://seclists.org/fulldisclosure/2022/Dec/26 http://seclists.org/fulldisclosure/2022/Dec/27 http://seclists.org/fulldisclosure/2022/Dec/28 http://www.openwall.com/lists/oss-security/2022/12/26/1 https://security.gentoo.org/glsa/202305-32 https://support.apple.com/en-us/HT213530 https://support.apple.com/en-us/HT213532 https://support.apple.com/en-us/HT213535 https:&#x • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2022-42867 – webkitgtk: use-after-free issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-42867
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. Se solucionó un problema de use after free con una gestión de memoria mejorada. Este problema se solucionó en Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 y iPadOS 16.2, watchOS 9.2. • http://seclists.org/fulldisclosure/2022/Dec/20 http://seclists.org/fulldisclosure/2022/Dec/23 http://seclists.org/fulldisclosure/2022/Dec/26 http://seclists.org/fulldisclosure/2022/Dec/27 http://seclists.org/fulldisclosure/2022/Dec/28 http://www.openwall.com/lists/oss-security/2022/12/26/1 https://security.gentoo.org/glsa/202305-32 https://support.apple.com/en-us/HT213530 https://support.apple.com/en-us/HT213532 https://support.apple.com/en-us/HT213535 https:&#x • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-3970 – LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow
https://notcve.org/view.php?id=CVE-2022-3970
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://oss-fuzz.com/download?testcase_id=5738253143900160 https://security.netapp.com/advisory/ntap-20221215-0009 https://support.apple.com/kb/HT213841 https://support.apple.com/kb/HT213843 https://vuldb.com/?id.213549 https://access.redhat.com/security/cve/CVE-2022-3970 https • CWE-189: Numeric Errors CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-42916 – curl: HSTS bypass via IDN
https://notcve.org/view.php?id=CVE-2022-42916
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. En curl anterior a 7.86.0, se podía omitir la verificación HSTS para engañarlo y que se quedara con HTTP. • http://seclists.org/fulldisclosure/2023/Jan/19 http://seclists.org/fulldisclosure/2023/Jan/20 http://www.openwall.com/lists/oss-security/2022/12/21/1 https://curl.se/docs/CVE-2022-42916.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorap • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-42915 – curl: HTTP proxy double-free
https://notcve.org/view.php?id=CVE-2022-42915
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. curl antes de la versión 7.86.0 tiene un double free. • http://seclists.org/fulldisclosure/2023/Jan/19 http://seclists.org/fulldisclosure/2023/Jan/20 https://curl.se/docs/CVE-2022-42915.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK https://security.gentoo. • CWE-415: Double Free •