Multiple vulnerabilities in Cryostat

1) Deserialization of Untrusted Data

EUVDB-ID: #VU64152

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-25647

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to insecure input validation when processing serialized data passed to writeReplace() method. A remote attacker can pass specially crafted data to the application and perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cryostat: 2.0.0 - 2.1.0

CPE2.3

• cpe:2.3:a:red_hat:cryostat:2.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:cryostat:2.1.0:*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2022:4985

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Deserialization of Untrusted Data

EUVDB-ID: #VU64275

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-28948

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to insecure input validation when processing serialized data in the Unmarshal function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cryostat: 2.0.0 - 2.1.0

CPE2.3

• cpe:2.3:a:red_hat:cryostat:2.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:cryostat:2.1.0:*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2022:4985

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU61671

Risk: Medium

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-25032

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cryostat: 2.0.0 - 2.1.0

CPE2.3

• cpe:2.3:a:red_hat:cryostat:2.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:cryostat:2.1.0:*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2022:4985

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU56217

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2021-3634

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling shared secrets. A remote attacker can supply a shared secret of a different size, trigger a memory corruption during the second key re-exchange and crash the application or potentially execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cryostat: 2.0.0 - 2.1.0

CPE2.3

• cpe:2.3:a:red_hat:cryostat:2.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:cryostat:2.1.0:*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2022:4985

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Infinite loop

EUVDB-ID: #VU59089

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3737

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop. A remote attacker who controls a malicious server can force the client to enter an infinite loop on a 100 Continue response.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cryostat: 2.0.0 - 2.1.0

CPE2.3

• cpe:2.3:a:red_hat:cryostat:2.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:cryostat:2.1.0:*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2022:4985

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU61681

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-4189

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in the FTP (File Transfer Protocol) client library when using it in PASV (passive) mode. A remote attacker can set up a malicious FTP server, trick the FTP client in Python into connecting back to a given IP address and port, which can lead to FTP client scanning ports which otherwise would not have been possible.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cryostat: 2.0.0 - 2.1.0

CPE2.3

• cpe:2.3:a:red_hat:cryostat:2.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:cryostat:2.1.0:*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2022:4985

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.