CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 1CVE-2023-23916 – curl: HTTP multi-header compression denial of service
https://notcve.org/view.php?id=CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. • https://hackerone.com/reports/1826048 https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO https://security.gentoo.org/glsa/202310-12 https://security.netapp.com/advisory/ntap-20230309-0006 https://www.debian.org/security/2023/dsa-5365 https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.2EPSS: 0%CPEs: 8EXPL: 0CVE-2023-23920 – Node.js: insecure loading of ICU data through ICU_DATA environment variable
https://notcve.org/view.php?id=CVE-2023-23920
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. • https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html https://nodejs.org/en/blog/vulnerability/february-2023-security-releases https://security.netapp.com/advisory/ntap-20230316-0008 https://www.debian.org/security/2023/dsa-5395 https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 • CWE-426: Untrusted Search Path •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26314
https://notcve.org/view.php?id=CVE-2023-26314
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. • https://bugs.debian.org/972146 https://lists.debian.org/debian-lts-announce/2023/02/msg00037.html https://www.openwall.com/lists/oss-security/2023/01/05/1 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-23009 – libreswan: remote DoS via crafted TS payload with an incorrect selector length
https://notcve.org/view.php?id=CVE-2023-23009
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. A flaw was found in the Libreswan package. A crafted TS payload with an incorrect selector length may allow a remote attacker to cause a denial of service. • https://github.com/libreswan/libreswan/issues/954 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MFOIQX2LRL43P3GJT33DE7G7COHNXDN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSMYJH7MC2FZGCY5NH5AXULO3ISXIHOF https://www.debian.org/security/2023/dsa-5368 https://access.redhat.com/security/cve/CVE-2023-23009 https://bugzilla.redhat.com/show_bug.cgi?id=2173610 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 1CVE-2023-24998 – Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts
https://notcve.org/view.php?id=CVE-2023-24998
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform. • https://github.com/nice1st/CVE-2023-24998 http://www.openwall.com/lists/oss-security/2023/05/22/1 https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://security.gentoo.org/glsa/202305-37 https://www.debian.org/security/2023/dsa-5522 https://access.redhat.com/security/cve/CVE-2023-24998 https://bugzilla.redhat.com/show_bug.cgi?id=2172298 • CWE-770: Allocation of Resources Without Limits or Throttling •