SB2021071516 - Multiple vulnerabilities in OpenShift Serverless
Published: July 15, 2021 Updated: October 28, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 25 secuirty vulnerabilities.
1) Infinite loop (CVE-ID: CVE-2021-27918)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when using xml.NewTokenDecoder with a custom TokenReader. A remote attacker can trick a victim to open a specially crafted XML content and cause denial of service conditions.
2) Integer overflow (CVE-ID: CVE-2020-13434)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow within the sqlite3_str_vappendf() function in printf.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and crash the application.
3) Integer overflow (CVE-ID: CVE-2021-27219)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the g_bytes_new() function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. A local user can run a specially crafted program to trigger an integer overflow and execute arbitrary code with elevated privileges.
4) Reachable Assertion (CVE-ID: CVE-2021-3326)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the iconv function in the GNU C Library (aka glibc or libc6) when processing invalid input sequences in the ISO-2022-JP-3 encoding. A remote attacker can pass specially crafted data to the application, trigger an assertion failure and crash the affected application.
5) Buffer overflow (CVE-ID: CVE-2020-29363)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a unspecified boundary error, related to processing of RPC requests. A remote attacker can perform a denial of service (DoS) attack.
6) Buffer overflow (CVE-ID: CVE-2020-29362)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a unspecified boundary error, related to processing of RPC requests. A remote attacker can perform a denial of service (DoS) attack.
7) Buffer overflow (CVE-ID: CVE-2020-29361)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a unspecified boundary error, related to processing of RPC requests. A remote attacker can perform a denial of service (DoS) attack.
8) Uncontrolled Recursion (CVE-ID: CVE-2020-28196)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion in MIT Kerberos 5 (aka krb5) implementation when processing ASN.1-encoded Kerberos messages in lib/krb5/asn.1/asn1_encode.c. A remote attacker can pass specially crafted data to the application that uses Kerberos and perform a denial of service (DoS) attack.
9) Infinite loop (CVE-ID: CVE-2020-27618)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within iconv implementation when processing multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings. A remote attacker can pass specially crafted data to the application, consume all available system resources and cause denial of service conditions.
10) Out-of-bounds read (CVE-ID: CVE-2020-24977)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the xmlEncodeEntitiesInternal() function in libxml2/entities.c in libxml2. A remote attacker can pas specially crafted XML data to the affected application, trigger out-of-bounds read error and read contents of memory on the system.
11) Out-of-bounds write (CVE-ID: CVE-2020-15358)
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
12) Input validation error (CVE-ID: CVE-2020-13776)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to systemd mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended.
13) Buffer overflow (CVE-ID: CVE-2020-8927)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
14) Uncontrolled Recursion (CVE-ID: CVE-2021-31525)
The vulnerability allows a remote attacker to perform a DoS attack.
The vulnerability exists due to uncontrolled recursion when processing HTTP headers. A remote attacker can send a large header to ReadRequest or ReadResponse and perform a denial of service (DoS) attack.
15) Improper Check for Certificate Revocation (CVE-ID: CVE-2020-8286)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrectly implemented checks for OCSP stapling. A remote attacker can provide a fraudulent OCSP response that would appear fine, instead of the real one.
16) Uncontrolled Recursion (CVE-ID: CVE-2020-8285)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due tu uncontrolled recursion when processing FTP responses within the wildcard matching functionality, which allows a callback (set
with <a href="https://curl.se/libcurl/c/CURLOPT_CHUNK_BGN_FUNCTION.html">CURLOPT_CHUNK_BGN_FUNCTION</a>) to return information back to libcurl on
how to handle a specific entry in a directory when libcurl iterates over a
list of all available entries. A remote attacker who controls the malicious FTP server can trick the victim to connect to it and crash the application, which is using the affected libcurl version.
17) Information disclosure (CVE-ID: CVE-2020-8284)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way cURL handles PASV responses. A remote attacker with control over malicious FTP server can use the PASV response to trick curl into connecting
back to a given IP address and port, and this way potentially make curl
extract information about services that are otherwise private and not
disclosed, for example doing port scanning and service banner extractions.
18) Expired pointer dereference (CVE-ID: CVE-2020-8231)
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to expired pointer dereference error for CURLOPT_CONNECT_ONLY connections that may lead to information disclosure. If the application is using the CURLOPT_CONNECT_ONLY option to check if the website is accessible, an attacker might abuse this feature and force the application to re-use expired connection and send data intended to another connection to attacker controlled server.
19) Out-of-bounds read (CVE-ID: CVE-2019-25013)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in GNU C Library within the iconv feature when processing multi-byte input sequences in the EUC-KR encoding. A remote attacker can pass specially crafted input to the application, trigger out-of-bounds read error and perform a denial of service (DoS) attack.
20) Out-of-bounds read (CVE-ID: CVE-2019-9169)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or gain access to sensitive information.
The vulnerability exists due to heap-based buffer over-read via an attempted case-insensitive regular-expression match. A remote attacker can perform a denial of service attack or gain access to sensitive information.
21) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-3842)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to pam_systemd creates a user session using environmental parameters. A local user can spoof an active session and gain additional PolicyKit privileges.
22) Incorrect default permissions (CVE-ID: CVE-2019-2708)
The vulnerability allows a local user to crash the service.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can cause a denial of service attack.
23) Off-by-one (CVE-ID: CVE-2017-14502)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to off-by-one error for UTF-16 names in RAR archives. A remote attacker can trigger an out-of-bounds read in archive_read_format_rar_read_header and cause the service to crash.
24) Input validation error (CVE-ID: CVE-2016-10228)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
25) Resource exhaustion (CVE-ID: CVE-2021-33196)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing archives. A remote attacker can pass a specially crafted .zip file to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.