CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 1CVE-2023-25725 – haproxy: request smuggling attack in HTTP/1 header parsing
https://notcve.org/view.php?id=CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. • https://github.com/sgwgsw/LAB-CVE-2023-25725 https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112 https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG https://www.debian.org/security/2023/dsa-5348 https://www.hapro • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 1CVE-2023-0361 – gnutls: timing side-channel in the TLS RSA key exchange code
https://notcve.org/view.php?id=CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. • https://access.redhat.com/security/cve/CVE-2023-0361 https://github.com/tlsfuzzer/tlsfuzzer/pull/679 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ https://lists.fedoraproject.org/archives/list/package& • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2023-22795 – rubygem-actionpack: Denial of Service in Action Dispatch
https://notcve.org/view.php?id=CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in Action Dispatch related to the If-None-Match header. • https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118 https://security.netapp.com/advisory/ntap-20240202-0010 https://www.debian.org/security/2023/dsa-5372 https://access.redhat.com/security/cve/CVE-2023-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2164799 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-0770 – Stack-based Buffer Overflow in gpac/gpac
https://notcve.org/view.php?id=CVE-2023-0770
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. • https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26 https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd https://www.debian.org/security/2023/dsa-5411 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2023-23969 – python-django: Potential denial-of-service via Accept-Language headers
https://notcve.org/view.php?id=CVE-2023-23969
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent. • https://docs.djangoproject.com/en/4.1/releases/security https://groups.google.com/forum/#%21forum/django-announce https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI https://security.netapp.com/advisory/ntap-20230302-0007 https://www.djangoproject.com/weblog& • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •