CVE-2017-15938
https://notcve.org/view.php?id=CVE-2017-15938
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).
• http://www.securityfocus.com/bid/101610
• https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c
• https://security.gentoo.org/glsa/201801-01
• https://sourceware.org/bugzilla/show_bug.cgi?id=22209
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=1b86808a86077722ee4f42ff97f836b12420bb2a
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-13089 – GNU Wget: stack overflow in HTTP protocol handling
https://notcve.org/view.php?id=CVE-2017-13089
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.
• https://github.com/mzeyong/CVE-2017-13089
• https://github.com/r1b/CVE-2017-13089
• http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f
• http://www.debian.org/security/2017/dsa-4008
• http://www.securityfocus.com/bid/101592
• http://www.securitytracker.com/id/1039661
• https://access.redhat.com/errata/RHSA-2017:3075
• https://security.gentoo.org/glsa/201711-06
• https://www.synology.com/support/security/Synology_SA_17_62_Wget
• https://www.viestintavira
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-121: Stack-based Buffer Overflow
CVE-2017-13090 – GNU Wget: heap overflow in HTTP protocol handling
https://notcve.org/view.php?id=CVE-2017-13090
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.
• http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
• http://www.debian.org/security/2017/dsa-4008
• http://www.securityfocus.com/bid/101590
• http://www.securitytracker.com/id/1039661
• https://access.redhat.com/errata/RHSA-2017:3075
• https://security.gentoo.org/glsa/201711-06
• https://www.synology.com/support/security/Synology_SA_17_62_Wget
• https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html
• https://access.redhat
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-122: Heap-based Buffer Overflow
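The chunk-length handling described in the two GNU Wget entries above (CVE-2017-13089 and CVE-2017-13090), shown as an added example that is not wget's source code: the unchecked parse-then-MIN() pattern beside a version that rejects negative lengths. The function names are hypothetical, int64_t/strtoll stand in for long/strtol on an LP64 platform, and the input lines are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b))
#define SKIP_BUF 512 /* piece size the advisory gives for skip_short_body() */

/* Models a 64-bit value arriving in an int parameter: only the low
   32 bits survive the narrowing. */
static int narrow_to_int(int64_t v)
{
    return (int)(int32_t)(uint32_t)(uint64_t)v;
}

/* Unchecked pattern from the advisory: parse hex, clamp with MIN(), pass on.
   A negative value is always "smaller" than the buffer size, so MIN()
   keeps it and the clamp does nothing. */
int unchecked_read_len(const char *chunk_line)
{
    int64_t remaining = strtoll(chunk_line, NULL, 16);
    return narrow_to_int(MIN(remaining, SKIP_BUF));
}

/* Checked pattern: accept only a parsed, in-range, non-negative length.
   Returns 0 and stores the clamped length, or -1 if the line is rejected. */
int checked_read_len(const char *chunk_line, int *len_out)
{
    char *end;
    errno = 0;
    int64_t remaining = strtoll(chunk_line, &end, 16);
    if (end == chunk_line || errno == ERANGE || remaining < 0)
        return -1;
    *len_out = (int)MIN(remaining, SKIP_BUF);
    return 0;
}

int main(void)
{
    const char *lines[] = { "1f4", "2000", "-FFFFFD00" }; /* constructed */
    for (size_t i = 0; i < 3; i++) {
        int len = -1;
        int rc = checked_read_len(lines[i], &len);
        printf("%-10s unchecked=%d checked=%s (%d)\n", lines[i],
               unchecked_read_len(lines[i]), rc == 0 ? "ok" : "rejected", len);
    }
    return 0;
}
```

For the negative line the unchecked path yields a length larger than the 512-byte buffer, which is why the size check has to happen on the parsed value before MIN() and before any narrowing.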
CVE-2017-15922
https://notcve.org/view.php?id=CVE-2017-15922
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
• http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html
• http://www.securityfocus.com/bid/101595
• https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html
• CWE-125: Out-of-bounds Read
CVE-2017-15602
https://notcve.org/view.php?id=CVE-2017-15602
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
• http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
• https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz
• https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')