CVE-2023-44216
https://notcve.org/view.php?id=CVE-2023-44216
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. PVRIC (PowerVR Image Compression) en Imagination 2018 y dispositivos GPU posteriores ofrece compresión transparente por software que permite ataques de robo de píxeles de origen cruzado contra feTurbulence y feBlend en la especificación del filtro SVG, también conocido como un problema GPU.zip. Por ejemplo, los atacantes a veces pueden determinar con precisión el texto contenido en una página web de un origen si controlan un recurso de un origen diferente. • https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level https://blog.imaginationtech.com/reducing-bandwidth-pvric https://github.com/UT-Security/gpu-zip https://news.ycombinator.com/item?id=37663159 https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack https://www.hertzbleed.com/gpu.zip https://www.her • CWE-203: Observable Discrepancy •
CVE-2021-3737 – python: urllib: HTTP client possible infinite loop on a 100 Continue response
https://notcve.org/view.php?id=CVE-2021-3737
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en python. Una respuesta HTTP manejada inapropiadamente en el código del cliente HTTP de python puede permitir a un atacante remoto, que controle el servidor HTTP, hacer que el script del cliente entre en un bucle infinito, consumiendo tiempo de CPU. • https://bugs.python.org/issue44022 https://bugzilla.redhat.com/show_bug.cgi?id=1995162 https://github.com/python/cpython/pull/25916 https://github.com/python/cpython/pull/26503 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html https://security.netapp.com/advisory/ntap-20220407-0009 https://ubuntu.com/security/CVE-2021-3737 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2020-26137 – python-urllib3: CRLF injection via HTTP request method
https://notcve.org/view.php?id=CVE-2020-26137
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. urllib3 versiones anteriores a 1.25.9, permite una inyección de CRLF si el atacante controla el método de petición HTTP, como es demostrado al insertar caracteres de control CR y LF en el primer argumento de la función putrequest(). NOTA: esto es similar a CVE-2020-26116 A flaw was found in python-urllib3. The HTTPConnection.request() does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrity. • https://bugs.python.org/issue39603 https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b https://github.com/urllib3/urllib3/pull/1800 https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html https://usn.ubuntu.com/4570-1 https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2020-26137 https& • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVE-2020-8927 – Buffer overflow in Brotli library
https://notcve.org/view.php?id=CVE-2020-8927
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. Se presenta un desbordamiento del búfer en la biblioteca Brotli versiones anteriores a 1.0.8, donde un atacante que controla la longitud de entrada de una petición de descompresión "one-shot" en un script puede desencadenar un bloqueo, que ocurre cuando se copian fragmentos de datos de más de 2 GiB . Se recomienda actualizar su biblioteca de Brotli a la versión 1.0.8 o posterior. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html https://github.com/google/brotli/releases/tag/v1.0.9 https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-130: Improper Handling of Length Parameter Inconsistency •
CVE-2020-16135 – libssh: NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL
https://notcve.org/view.php?id=CVE-2020-16135
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. libssh versión 0.9.4, presenta una desreferencia del puntero NULL en el archivo tftpserver.c si la función ssh_buffer_new devuelve NULL A flaw was found in libssh. A NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. • https://bugs.libssh.org/T232 https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238 https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120 https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E https://security.gentoo.org/glsa/202011-05 https:/ • CWE-476: NULL Pointer Dereference •