SB20220720105 - Multiple vulnerabilities in Oracle Solaris
Published: July 20, 2022 Updated: November 15, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 20 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2022-24675)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the Golang's library encoding/pem. A remote attacker can send to victim a large (more than 5 MB) PEM input to cause a stack overflow in Decode and perform a denial of service (DoS) attack.
2) Buffer overflow (CVE-ID: CVE-2022-31747)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Information disclosure (CVE-ID: CVE-2022-31742)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when handling a large number of allowCredential entries. A remote attacker can trick the victim to visit a specially crafted website, launch a timing attack and detect the difference between invalid key handles and cross-origin key handles. Successful exploitation of the vulnerability can lead to cross-origin account linking in violation of WebAuthn goals.
4) Use of Uninitialized Variable (CVE-ID: CVE-2022-31741)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Buffer overflow (CVE-ID: CVE-2022-31740)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error related to register allocation problem in WASM on arm64. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Path traversal (CVE-ID: CVE-2022-31739)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when saving downloaded files on Windows. A remote attacker can use the "%" character in filename to store data outside the intended directory using Windows environment variables, such as %HOMEPATH% or %APPDATA%.
The vulnerability affects Windows installations only.
7) Spoofing attack (CVE-ID: CVE-2022-31738)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error when exiting fullscreen mode. A remote attacker can use an iframe to confused the browser about the current state of fullscreen and perform spoofing attack.
8) Out-of-bounds write (CVE-ID: CVE-2022-31737)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in WebGL when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
9) Integer overflow (CVE-ID: CVE-2022-28327)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow in the Golang's library crypto/elliptic. A remote attacker can send a specially crafted scalar input longer than 32 bytes to cause P256().ScalarMult or P256().ScalarBaseMult to panic and perform a denial of service attack.
10) Incorrect authorization (CVE-ID: CVE-2022-23773)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists within cmd/go, which can misinterpret branch names that falsely appear to be version tags. This can lead to a situation where an attacker can bypass implemented security restrictions and perform restricted actions, e.g. create tags when access was granted to create branches only.
11) Use-after-free (CVE-ID: CVE-2021-21708)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the "php_filter_float()" function. A remote attacker can pass specially crafted input to the application that uses the affected PHP function, trigger a use-after-free error and crash the php-fpm process.
12) Resource exhaustion (CVE-ID: CVE-2022-23772)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the Rat.SetString(0 function in math/big. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
13) Input validation error (CVE-ID: CVE-2021-29923)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input in net.ParseIP and net.ParseCIDR, as the Go interpreter does not properly consider extraneous zero characters at the beginning
of an IP address octet. A remote attacker can
bypass access control that is based on IP addresses, because of
unexpected octal interpretation.
14) Input validation error (CVE-ID: CVE-2022-1271)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
15) Integer overflow (CVE-ID: CVE-2022-29824)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). A remote attacker can pass specially crafted multi-gigabyte XML file to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Spoofing attack (CVE-ID: CVE-2022-1834)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of multiple Braille Pattern Blank space characters, which results in displaying every space character. A remote attacker can spoof the email address of the sender.
17) Information disclosure (CVE-ID: CVE-2022-31736)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when processing HTTP requests. A malicious website can obtain the size of a cross-origin resource that supported Range requests.18) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-24801)
The vulnerability allows a remote attacker to preform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests within the twisted.web.http module. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
19) Error Handling (CVE-ID: CVE-2022-25762)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when handling WebSocket connections. If a web application sends a WebSocket message concurrently with the
WebSocket connection closing, it is possible that the application will
continue to use the socket after it has been closed. As a result, subsequent connections can use the
same object concurrently and share data and/or other errors.
20) Unchecked Return Value (CVE-ID: CVE-2022-23806)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to unchecked return value within the Curve.IsOnCurve() function in crypto/elliptic. A remote attacker can force the application to incorrectly return true in situations with a big.Int value that is not a valid field element. As a result, an attacker can modify application flow, which can lead to unauthorized data modification or denial of service.
Remediation
Install update from vendor's website.