SB2024013011 - Oracle Solaris update for thrid-party components
Published: January 30, 2024 Updated: March 4, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 30 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2023-4752)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the ins_compl_get_exp() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
2) Integer overflow (CVE-ID: CVE-2023-38560)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to integer overflow within the pl_glyph_name() function in pcl/pl/plfont.c when converting PCL files to PDF format. A remote attacker can pass a specially crafted PLC file to the application, trigger an integer overflow and perform a denial of service (DoS) attack.
3) Buffer overflow (CVE-ID: CVE-2023-6213)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Memory corruption (CVE-ID: CVE-2023-6212)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim ti visit a specially crafted website, trigger a memory corruption and execute arbitrary code on the target system.
5) Multiple Interpretations of UI Input (CVE-ID: CVE-2023-6211)
The vulnerability allows a remote attacker to perform clickjacking attack.
If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game.6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-6210)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to application does not properly impose security restrictions. When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content, such as iframes from insecure http: URLs.
7) Input validation error (CVE-ID: CVE-2023-6209)
The vulnerability allows a remote attacker to manipulate data on websites.
The vulnerability exists due to insufficient validation of user-supplied input when parsing relative URLs that start with a triple slash, e.g. "///". A remote attacker can use a path-traversal "/../" part in the path to override the specified host.
8) Information disclosure (CVE-ID: CVE-2023-6208)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the Selection API copies text by mistake into the primary selection, a temporary storage not unlike the clipboard, when using on X11. A local user can gain access to potentially sensitive information.
Note, the vulnerability affects only Firefox installations on X11.
9) Multiple Interpretations of UI Input (CVE-ID: CVE-2023-6206)
The vulnerability allows a remote attacker to perform clickjacking attack.
The vulnerability exists due to the black fade animation when exiting fullscreen is roughly
the length of the anti-clickjacking delay on permission prompts. A remote attacker can perform clickjacking attack and trick the victim into pressing the permissions grant button.
10) Use-after-free (CVE-ID: CVE-2023-6205)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the MessagePort::Entangled() method. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
11) Out-of-bounds write (CVE-ID: CVE-2023-6204)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing HTML content in in WebGL2 blitFramebuffer. A remote attacker can trick the victim ti visit a specially crafted website, trigger an out-of-bounds write and execute arbitrary code on the target system.
12) NULL pointer dereference (CVE-ID: CVE-2023-5441)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in src/gui.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
13) Heap-based buffer overflow (CVE-ID: CVE-2023-5344)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the trunc_string() function in message.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
14) Heap-based buffer overflow (CVE-ID: CVE-2023-4781)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error within the vim_regsub_both() function. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and crash the application.
15) Use-after-free (CVE-ID: CVE-2023-4750)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the is_qf_win() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
16) Use of Potentially Dangerous Function (CVE-ID: CVE-2023-43115)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists in gdevijs.c in GhostPDL due to the way PostScript handles IJS device change. A remote attacker can trick the victim to open a specially crafted document that will switch to the IJS device, start the IJS server and execute arbitrary commands on the system.
17) Buffer overflow (CVE-ID: CVE-2023-4738)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error within the vim_regsub_both() function in src/regexp.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and crash the application.
18) Untrusted search path (CVE-ID: CVE-2023-4736)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to usage of an untrusted search path when searching for perl, zig, ruby filetype plugins as well as zip and gzip autoload plugins. A remote attacker can trick the victim into downloading specially crafted files and opening one of the downloaded files using the affected software.
Successful exploitation of the vulnerability may lead to remote code execution.
19) Out-of-bounds read (CVE-ID: CVE-2023-4735)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the do_addsub() function in ops.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
20) Integer overflow (CVE-ID: CVE-2023-4734)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the f_fullcommand() function in ex_docmd.c. A remote attacker can trick the victim to open a specially crafted file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Use-after-free (CVE-ID: CVE-2023-4733)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the do_ecmd() function in ex_cmds.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
22) Integer overflow (CVE-ID: CVE-2023-46246)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to integer overflow. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.
23) Use-after-free (CVE-ID: CVE-2023-48706)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the ex_substitute() function in src/charset.c when executing the ":s" command. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and crash the application.
24) Use-after-free (CVE-ID: CVE-2023-48231)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when closing the window. A remote attacker can trick the victim to open a specially crafted file and crash the application.
25) Buffer overflow (CVE-ID: CVE-2023-38559)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the devn_pcx_write_rle() function in base/gdevdevn.c. A remote attacker can create a specially crafted PDF document, pass it to the affected application, trigger memory corruption and perform a denial of service (DoS) attack.
26) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-46589)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when parsing malformed trailer headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
27) Use-after-free (CVE-ID: CVE-2023-6207)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the ReadableByteStreamQueueEntry::Buffer() method. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
28) Integer overflow (CVE-ID: CVE-2023-2610)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the regtilde() function in regexp.c. A remote attacker can trick the victim to open a specially crafted file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Heap-based buffer overflow (CVE-ID: CVE-2023-4863)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing WebP images within libwebp library. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. The vulnerability affects all modern browsers that support WebP image processing.
Note, the vulnerability is being actively exploited in the wild.
30) NULL pointer dereference (CVE-ID: CVE-2023-49083)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when calling the load_pem_pkcs7_certificates() or load_der_pkcs7_certificates() functions. A remote attacker can pass specially crafted PKCS7 blob/certificate certificate to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.