Multiple vulnerabilities in Oracle Solaris

1) Input validation error

EUVDB-ID: #VU68517

Risk: Low

CVSSv4.0: 0.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2022-39253

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to the way Git handles hardlinks when performing a local clone. A remote attacker can trick the victim into clocking a malicious repository and create or copy hardlinks to critical files on the system, which can result in sensitive information exposure.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Information disclosure

EUVDB-ID: #VU69754

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-45414

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way quoted certain HTML tags are handled within the email client. If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. A remote attacker trick the victim into replying to a specially crafted email and force Thunderbird to initiate requests, potentially revealing sensitive information, such as IP address of the victim.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU70151

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-46881

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebGL. A remote attacker can trick the victim into opening a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU70150

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-46880

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in WebGL. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU70149

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-46878

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU70148

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2022-46875

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: Yes

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to executable file warning is not displayed when downloading .atloc and .ftploc files. A remote attacker can trick the victim into downloading and executing dangerous files.

Note, the vulnerability affects macOS installations only.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Input validation error

EUVDB-ID: #VU70147

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-46874

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of long filenames during drag and drop actions, which causes filename truncation to a potentially malicious extension. A remote attacker can trick the victim to download a file with a long filename, which can be automatically truncated by the browser into an executable file.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Security features bypass

EUVDB-ID: #VU70146

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-46872

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to unspecified error on Linux installations. A remote attacker who compromised content process can escaped the sandbox and read arbitrary files via clipboard-related IPC messages.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU67733

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-41556

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the mod_fastcgi and mod_scgi modules when handling a large number of incorrect HTTP requests. A remote attacker can send multiple incorrect HTTP requests to the web server and perform denial of service attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) OS Command Injection

EUVDB-ID: #VU69240

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-45063

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing font ops. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary OS commands on the target system within the vi line-editing mode of Zsh.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Integer overflow

EUVDB-ID: #VU69585

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3970

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the TIFFReadRGBATileExt() function in libtiff/tif_getimage.c. A remote attacker can trick the victim to open a specially crafted TIFF file, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU70152

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-46882

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in WebGL. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource exhaustion

EUVDB-ID: #VU69392

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-45061

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of an unnecessary quadratic algorithm in one path when processing some inputs to the IDNA (RFC 3490) decoder. A remote attacker can pass a specially crafted name to he decoder, trigger resource excessive CPU consumption and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU68718

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-43680

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource exhaustion

EUVDB-ID: #VU69407

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-3204

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing a malicious delegation with a considerable number of non responsive nameservers. A remote attacker can trigger CPU high usage and perform a denial of service (DoS) attack.

The attack is known as "Non-Responsive Delegation Attack" (NRDelegation Attack).

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU67731

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-37797

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the mod_wstunnel module when handling invalid HTTP requests. A remote attacker can send specially crafted HTTP requests to the affected web server and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds write

EUVDB-ID: #VU69176

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-44638

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the rasterize_edges_8() function. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) OS Command Injection

EUVDB-ID: #VU68861

Risk: Medium

CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-3276

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Heap-based buffer overflow

EUVDB-ID: #VU68518

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-39260

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the "git shell" command when handling untrusted input. A remote attacker can trick the victim to execute the affected command against a malicious repository, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Off-by-one

EUVDB-ID: #VU68858

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-46848

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an ETYPE_OK off-by-one error in asn1_encode_simple_der in Libtasn1. A remote attacker can pass specially crafted data to the application, trigger an off-by-one error and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU71241

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2006-20001

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mod_dav module when handling HTTP requests. A remote attacker can send a specially crafted HTTP request, trigger a one byte buffer overflow and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer overflow

EUVDB-ID: #VU61671

Risk: Medium

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-25032

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Integer overflow

EUVDB-ID: #VU63449

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-29338

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to integer overflow when using the command line option "-ImgDir" on a directory that contains 1048576 files. A remote attacker can pass specially crafted data to the application, trigger integer overflow and perform a denial of service attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Integer overflow

EUVDB-ID: #VU56067

Risk: Critical

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2021-30860

CWE-ID: CWE-190 - Integer overflow

Exploit availability: Yes

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing PDF files within the CoreGraphics component. A remote attacker can trick the victim to open a specially crafted PDF file, trigger integer overflow and execute arbitrary code on the target system.

Note, the vulnerability is being active exploited in-the-wild via the FORCEDENTRY tool against Bahraini activists.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

25) Insufficiently protected credentials

EUVDB-ID: #VU73891

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-0718

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper input validation when handling a double quote character in the password, causing any part of the password after the double quote to be plaintext. A local user can view the log files and obtain password in clear text.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Access of Uninitialized Pointer

EUVDB-ID: #VU63450

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-1122

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to an invalid pointer initialization in the opj2_decompress program. A remote attacker can gain unauthorized access to sensitive information and perform a denial of service attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) OS Command Injection

EUVDB-ID: #VU62765

Risk: Medium

CVSSv4.0: 8.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2022-1292

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

28) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU66064

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-1705

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of Transfer-Encoding headers in HTTP/1 responses. A remote attacker can send a specially crafted HTTP/1 response to the client and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Resource exhaustion

EUVDB-ID: #VU66065

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-1962

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in go/parser. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU65521

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-21515

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU66813

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-2309

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the iterwalk() function. A remote attacker can pass specially crafted XML data to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Buffer overflow

EUVDB-ID: #VU64266

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-24675

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the Golang's library encoding/pem. A remote attacker can send to victim a large (more than 5 MB) PEM input to cause a stack overflow in Decode and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Code Injection

EUVDB-ID: #VU61830

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-25255

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to QProcess can execute a binary from the current working directory when not found in the PATH. A local user can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Input validation error

EUVDB-ID: #VU67054

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-27337

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Hints::Hints() function when processing PDF files. A remote attacker can pass specially crafted PDF file to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper Certificate Validation

EUVDB-ID: #VU65267

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-27536

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to certificate.Verify in crypto/x509 in Go can be caused to panic on macOS when presented with certain malformed certificates. A remote unauthenticated attacker can use a TLS server to cause a TLS client to panic.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Input validation error

EUVDB-ID: #VU67396

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-27664

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper control of a resource through its lifetime

EUVDB-ID: #VU63004

Risk: Low

CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-27778

CWE-ID: CWE-664 - Improper control of a resource through its lifetime

Exploit availability: No

The vulnerability allows a remote attacker to delete files on the system.

The vulnerability exists in the curl command line tool when --no-clobber is used together with --remove-on-error. A remote attacker can trick the victim to connect to a malicious server and force the command line tool to remove unexpected files.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource exhaustion

EUVDB-ID: #VU66069

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-28131

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when calling Decoder.Skip when parsing a deeply nested XML document. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU66626

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-2816

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the check_vim9_unlet() function in vim9cmds.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Use-after-free

EUVDB-ID: #VU66627

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-2817

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing files in testing.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Heap-based buffer overflow

EUVDB-ID: #VU66628

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-2819

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in vim9cmds.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Integer overflow

EUVDB-ID: #VU64269

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-28327

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to integer overflow in the Golang's library crypto/elliptic. A remote attacker can send a specially crafted scalar input longer than 32 bytes to cause P256().ScalarMult or P256().ScalarBaseMult to panic and perform a denial of service attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

EUVDB-ID: #VU66632

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-2845

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within edit.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Heap-based buffer overflow

EUVDB-ID: #VU66631

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-2849

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in mbyte.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU66630

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-2862

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in vim9compile.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU66629

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-2874

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in vim9compile.c. A remote attacker can trick the victim top open a specially crafted file and crash the application.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Resource management error

EUVDB-ID: #VU68387

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-2879

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to absent limits on the maximum size of file headers within the Reader.Read method in archive/tar. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Input validation error

EUVDB-ID: #VU68389

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-2880

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform parameter smuggling attacks.

The vulnerability exists due to incorrect handling of requests forwarded by ReverseProxy in net/http/httputil. A remote attacker can supply specially crafted parameters that cannot be parsed and are rejected by net/http and force the application to include these parameters into the forwarding request. As a result, a remote attacker can smuggle potentially dangerous HTTP parameters into the request.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU66669

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-2889

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the find_var_also_in_script() function in evalvars.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) NULL pointer dereference

EUVDB-ID: #VU66785

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-2923

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the sug_filltree() function in spellfile.c. A remote attacker can perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Input validation error

EUVDB-ID: #VU67944

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-2928

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error related to the way processing lease queries are processed by the DHCP server. With a DHCP server configured with "allow leasequery;" a remote attacker can send lease queries for the same lease multiple times, leading to the "add_option()" function being repeatedly called. This can cause an option's "refcount" field to overflow and the server to abort.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Memory leak

EUVDB-ID: #VU67943

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-2929

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the fqdn_universe_decode() function when processing DHCP packets with DNS labels. A remote attacker can send specially crafted DHCP packets to the affected server, trigger memory leak and perform denial of service attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use-after-free

EUVDB-ID: #VU66784

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-2946

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the vim_vsnprintf_typval() function in strings.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU63173

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-29526

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the Faccessat function can incorrectly report that a file is accessible, when called with a non-zero flags parameter. An attacker can bypass implemented security restrictions.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) NULL pointer dereference

EUVDB-ID: #VU66786

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-2980

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the do_mouse() function in mouse.c. A remote attacker can perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Path traversal

EUVDB-ID: #VU73872

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-29804

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error within the filepath.Clean function on Windows, which can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. A remote attacker can pass specially crafted data to the application and perform directory traversal attacks.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU66860

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3016

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the get_next_valid_entry() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU67049

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3037

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the qf_buf_add_line() function. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Use of insufficiently random values

EUVDB-ID: #VU66122

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-30629

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

The vulnerability allows a remote attacker gain access to sensitive information.

The vulnerability exists in crypto/tls implementation when generating TLS tickets age. The newSessionTicketMsgTLS13.ageAdd is always set to "0" instead of a random value.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Resource exhaustion

EUVDB-ID: #VU66063

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-30630

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when calling Glob on a path that contains a large number of path separators. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Resource exhaustion

EUVDB-ID: #VU66062

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-30631

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in Reader.Read method when handling an archive that contains a large number of concatenated 0-length compressed files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Resource exhaustion

EUVDB-ID: #VU66067

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-30632

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when calling Glob on a path that contains a large number of path separators. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Resource exhaustion

EUVDB-ID: #VU66070

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-30633

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when calling Unmarshal on a XML document into a Go struct which has a nested field that uses the any field tag. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Infinite loop

EUVDB-ID: #VU73870

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-30634

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in crypto/rand on Windows when handling buffer larger than 1 << 32 - 1 bytes. A remote attacker can consume all available system resources and cause denial of service conditions.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Resource exhaustion

EUVDB-ID: #VU66068

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-30635

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when calling Decoder.Decode on a message which contains deeply nested structures. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Resource exhaustion

EUVDB-ID: #VU71529

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-3094

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling DNS updates. A remote attacker can trigger resource exhaustion by sending a flood of dynamic DNS updates.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Use-after-free

EUVDB-ID: #VU67050

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3099

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the do_cmdline() function in vim/src/ex_docmd.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use-after-free

EUVDB-ID: #VU67159

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3134

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing files within the do_tag() function in vim/src/tag.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) NULL pointer dereference

EUVDB-ID: #VU67160

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3153

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the vim_regcomp() function in regexp.c. A remote attacker can perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Security features bypass

EUVDB-ID: #VU66066

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-32148

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to unexpected behavior of httputil.ReverseProxy.ServeHTTP. When the method is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy would set the client IP as the value of the X-Forwarded-For header, contrary to its documentation.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Input validation error

EUVDB-ID: #VU66121

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-32189

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in
Float.GobDecode. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Path traversal

EUVDB-ID: #VU67556

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-32190

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within JoinPath and URL.JoinPath. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Resource exhaustion

EUVDB-ID: #VU64681

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-32205

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to curl does not impose limits to the size of cookies stored in the system. A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and consume all available disk space.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Resource exhaustion

EUVDB-ID: #VU64682

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-32206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to spend enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Incorrect default permissions

EUVDB-ID: #VU64684

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-32207

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions set to cookies, alt-svc and hsts data stored in local files. A local user with ability to read such files can gain access to potentially sensitive information.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU64685

Risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-32208

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform MitM attack and manipulate data.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Expected behavior violation

EUVDB-ID: #VU68746

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-32221

CWE-ID: CWE-440 - Expected Behavior Violation

Exploit availability: No

The vulnerability allows a remote attacker to force unexpected application behavior.

The vulnerability exists due to a logic error for a reused handle when processing subsequent HTTP PUT and POST requests. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request, which used that callback. As a result, such behavior can influence application flow and force unpredictable outcome.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Heap-based buffer overflow

EUVDB-ID: #VU67435

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3234

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the utfc_ptr2len() function at mbyte.c. A remote attacker can trick the victim to open a specially crafted fule, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Use-after-free

EUVDB-ID: #VU67625

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3235

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the getcmdline_int() function in ex_getln.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Use-after-free

EUVDB-ID: #VU67627

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3256

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the movemark() function in mark.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU67626

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3278

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in eval.c. A remote attacker can perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Buffer overflow

EUVDB-ID: #VU67658

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3296

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files within the ex_finally() function in ex_eval.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Use-after-free

EUVDB-ID: #VU67659

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3297

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the process_next_cpt_value() function in insexpand.c when processing files. A remote attacker can trick the victim to open a specially crafted flie, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Stack-based buffer overflow

EUVDB-ID: #VU68964

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3324

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling files within the win_redr_ruler(0 function in drawscreen.c. A remote attacker can trick the victim to open a specially crafted file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Use-after-free

EUVDB-ID: #VU68963

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3352

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling files within the did_set_string_option() function in optionstr.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Integer overflow

EUVDB-ID: #VU68376

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3515

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the CRL parser in libksba. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Input validation error

EUVDB-ID: #VU66881

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-35252

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way curl handles cookies with control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response, effectively allowing a "sister site" to deny service to siblings.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Stack-based buffer overflow

EUVDB-ID: #VU68747

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-35260

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when parsing .netrc file. A local user can pass a specially crafted file to the curl, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) UNIX symbolic link following

EUVDB-ID: #VU67717

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-36113

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

The vulnerability allows a remote attacker to corrupt arbitrary files on the system.

The vulnerability exists due to a symlink following issue. A remote attacker can add a malicious ".cargo-ok" symbolic link into the package, point the link to an arbitrary file on the system and corrupt it during package extraction.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Resource exhaustion

EUVDB-ID: #VU67718

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-36114

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing .zip files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack, aka "zip bomb" attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) NULL pointer dereference

EUVDB-ID: #VU69582

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-36227

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in libarchive. A remote attacker can pass a specially crafted archive to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU71242

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-36760

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests in mod_proxy_ajp. A remote attacker can send a specially crafted HTTP request to the web server and smuggle arbitrary HTTP headers to the AJP server it forwards requests to.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Use-after-free

EUVDB-ID: #VU68962

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-3705

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling files within the qf_update_buffer() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Input validation error

EUVDB-ID: #VU71530

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-3736

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted RRSIG query to the DNS server and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) HTTP response splitting

EUVDB-ID: #VU71243

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-37436

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Exploit availability: No

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correctly process CRLF character sequences within the mod_proxy module. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Integer overflow

EUVDB-ID: #VU73888

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-38171

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the JBIG2 decoder in the JBIG2Stream::readTextRegionSeg() function in JBIG2Stream.cc. A remote attacker can pass a specially crafted PDF file or JBIG2 image to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is related to #VU56067 (CVE-2021-30860).

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Integer overflow

EUVDB-ID: #VU67055

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-38784

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the JBIG2 decoder in the JBIG2Stream::readTextRegionSeg() function in JBIGStream.cc. A remote attacker can pass a specially crafted PDF file or JBIG2 image to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Reachable Assertion

EUVDB-ID: #VU71531

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-3924

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion. A remote attacker can send specially crafted queries to the resolver and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Integer overflow

EUVDB-ID: #VU68828

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-40303

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in parse.c when processing content when XML_PARSE_HUGE is set. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Resource management error

EUVDB-ID: #VU68829

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-40304

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in entities.c due to the way libxml2 handles reference cycles. The library does not anticipate that entity content can be allocated from a dict and clears it upon reference cycle detection by setting its first byte to zero. This can lead to memory corruption  issues, such as double free errors and result in a denial of service.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Input validation error

EUVDB-ID: #VU71377

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-40898

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input passed to wheel cli. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Resource exhaustion

EUVDB-ID: #VU68390

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-41715

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in regexp/syntax when handling regular expressions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Input validation error

EUVDB-ID: #VU69405

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-41716

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to execute arbitrary OS commands on the system.

The vulnerability exists due to insecure processing of unsanitized NUL values in syscall.StartProcess and os/exec.Cmd. A local user on the Windows operating system can set a specially crafted environment variable and execute arbitrary OS commands on the system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Reachable Assertion

EUVDB-ID: #VU67969

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42010

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in debug builds caused by a syntactically invalid type signature with incorrectly nested parentheses and curly brackets. A local user can perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Out-of-bounds read

EUVDB-ID: #VU67970

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42011

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error caused by an invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element. A local user can trigger an out-of-bounds read and gain access to sensitive information.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Use-after-free

EUVDB-ID: #VU67971

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42012

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Use-after-free

EUVDB-ID: #VU70438

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-4283

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Double Free

EUVDB-ID: #VU68748

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42915

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing non-200 proxy HTTP responses for the following schemes: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, telnet. A remote attacker can trigger a double free error by forcing the application into connecting to resources that are not allowed by the configured proxy.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Cleartext transmission of sensitive information

EUVDB-ID: #VU68749

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42916

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when parsing URL with IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. A remote attacker can bypass curl's HSTS check and trick it into using unencrypted HTTP protocol.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Deserialization of Untrusted Data

EUVDB-ID: #VU69391

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42919

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to Python multiprocessing library, when used with the forkserver start method on Linux allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine.A local user can execute arbitrary code with privileges of the user running the any forkserver process.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Infinite loop

EUVDB-ID: #VU70040

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-4345

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BPv6, OpenFlow, and Kafka protocol dissectors. A remote attacker can consume all available system resources and cause denial of service conditions.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Code Injection

EUVDB-ID: #VU70666

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-45143

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

The vulnerability allows a remote attacker to manipulate server output.

The vulnerability exists due to improper input validation within the JsonErrorReportValve when handling type, message or description values. A remote attacker can send a specially crafted request and manipulate or invalidate JSON output.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Resource exhaustion

EUVDB-ID: #VU69499

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-45199

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the TiffImagePlugin.py when setting up the context for image decoding. A remote attacker can trigger resource exhaustion via a large value in the SAMPLESPERPIXEL tag and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) OS Command Injection

EUVDB-ID: #VU69808

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-45939

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing name of a source-code file in lib-src/etags.c. A remote attacker can trick the victim to use the "ctags *" command  and execute arbitrary OS commands on the target system in a situation where the current working directory has contents that depend on untrusted input.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Stack-based buffer overflow

EUVDB-ID: #VU70433

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-46340

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error  within the swap handler for the XTestFakeInput request of the XTest extension if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Out-of-bounds read

EUVDB-ID: #VU70434

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-46341

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling XIPassiveUngrab requests. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Use-after-free

EUVDB-ID: #VU70435

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-46342

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error when handling XvdiSelectVideoNotify requests. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Use-after-free

EUVDB-ID: #VU70436

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-46343

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error when handling ScreenSaverSetAttributes requests. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Out-of-bounds read

EUVDB-ID: #VU70437

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-46344

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling XIChangeProperty requests. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Infinite loop

EUVDB-ID: #VU71337

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0411

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BPv6, NCP, and RTPS dissectors. A remote attacker can consume all available CPU resources and cause denial of service conditions.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Input validation error

EUVDB-ID: #VU71335

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0412

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the TIPC dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Input validation error

EUVDB-ID: #VU71340

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0413

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the conversation tracking module in Dissection engine. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Input validation error

EUVDB-ID: #VU71342

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0414

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the EAP dissector. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Input validation error

EUVDB-ID: #VU71338

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0415

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the iSCSI dissector. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Input validation error

EUVDB-ID: #VU71339

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0416

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the GNW dissector. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Memory leak

EUVDB-ID: #VU71341

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0417

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the NFS dissector. A remote attacker can force the application to leak memory and perform denial of service attack.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Improper input validation

EUVDB-ID: #VU71288

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-21830

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Input validation error

EUVDB-ID: #VU71332

Risk: Low

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2023-22809

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists within the sudoedit (aka -e) feature due to insufficient validation of user-supplied input passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR). The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. A local user can append arbitrary entries to the list of files to process and escalate privileges on the system.

Install update from vendor's website.

Oracle Solaris: 11.4

• cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/bulletinjan2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.