SB2024090248 - Multiple vulnerabilities in HPE Moonshot 1500 Chassis Manager

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024090248

SB2024090248 - Multiple vulnerabilities in HPE Moonshot 1500 Chassis Manager

Published: September 2, 2024

Security Bulletin ID SB2024090248
Severity
High
Patch available
YES
Number of vulnerabilities 81
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 28% Medium 52% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 81 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2022-2953)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the extractImageSection() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

2) Heap-based buffer overflow (CVE-ID: CVE-2022-1354)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the TIFFReadRawDataStriped() function in tiffinfo.c. A remote attacker can pass specially crafted TIFF file to the application that is using the affected library, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Out-of-bounds write (CVE-ID: CVE-2022-3627)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing TIFF images within the _TIFFmemcpy() function in libtiff/tif_unix.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


4) Out-of-bounds read (CVE-ID: CVE-2022-3599)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the writeSingleSection() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.


5) Out-of-bounds write (CVE-ID: CVE-2022-3598)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing TIFF images within the extractContigSamplesShifted24bits() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF image to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


6) Out-of-bounds write (CVE-ID: CVE-2022-3597)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing TIFF images within the _TIFFmemcpy() function in libtiff/tif_unix.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


7) Heap-based buffer overflow (CVE-ID: CVE-2022-3570)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in tiffcrop.c utility in libtiff when processing TIFF files. A remote attacker can pass specially crafted file to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Stack-based buffer overflow (CVE-ID: CVE-2022-34526)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the _TIFFVGetField() function in Tiffsplit. A remote attacker can pass specially crafted file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.


9) Integer underflow (CVE-ID: CVE-2022-2869)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow within the extractContigSamples8bits routine in the tiffcrop utility. A remote attacker can pass  a specially crafted file to the affected application, trigger an integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


10) Division by zero (CVE-ID: CVE-2022-2056)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error when parsing TIFF files in tiffcrop. A remote attacker can trick the victim to open a specially crafted file and crash the affected application.


11) Out-of-bounds read (CVE-ID: CVE-2022-2868)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the tiffcrop utility. A remote attacker can pass a specially crafted file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.


12) Integer underflow (CVE-ID: CVE-2022-2867)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow within the tiffcrop utility. A remote attacker can pass a specially crafted file to the affected application, trigger an integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


13) Release of invalid pointer or reference (CVE-ID: CVE-2022-2521)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an invalid pointer free operation within the TIFFClose() function in tif_close.c. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.

14) Reachable Assertion (CVE-ID: CVE-2022-2520)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the rotateImage() function in tiffcrop.c. A remote attacker can pass a specially crafted file to the application, trigger assertion failure and perform a denial of service (DoS) attack.


15) Double Free (CVE-ID: CVE-2022-2519)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the rotateImage() function in tiffcrop.c. A remote attacker can pass a specially crafted file to the application, trigger a double free and perform a denial of service (DoS) attack.

16) Integer overflow (CVE-ID: CVE-2022-3970)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the TIFFReadRGBATileExt() function in libtiff/tif_getimage.c. A remote attacker can trick the victim to open a specially crafted TIFF file, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


17) Heap-based buffer overflow (CVE-ID: CVE-2022-48281)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the processCropSelections() function in tools/tiffcrop.c in LibTIFF. A remote attacker can pass a specially crafted TIFF image to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


18) Infinite loop (CVE-ID: CVE-2022-40090)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the TIFFReadDirectory() function. A remote attacker can consume all available system resources and cause denial of service conditions.


19) Buffer overflow (CVE-ID: CVE-2022-1355)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within tiffcp.c when processing TIFF files. A remote attacker can pass specially crafted TIFF file to the application that is using the affected library, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


20) Division by zero (CVE-ID: CVE-2022-2057)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error when parsing TIFF files in tiffcrop. A remote attacker can trick the victim to open a specially crafted file and crash the affected application.

21) Deserialization of Untrusted Data (CVE-ID: CVE-2022-42919)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to Python multiprocessing library, when used with the forkserver start method on Linux allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine.A local user can execute arbitrary code with privileges of the user running the any forkserver process.


22) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2021-4189)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in the FTP (File Transfer Protocol) client library when using it in PASV (passive) mode. A remote attacker can set up a malicious FTP server, trick the FTP client in Python into connecting back to a given IP address and port, which can lead to FTP client scanning ports which otherwise would not have been possible.


23) Buffer Over-read (CVE-ID: CVE-2019-17595)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read issue in the "fmt_entry" function in "tinfo/comp_hash.c" in the terminfo library. A remote attacker can trigger a buffer over-read condition and cause a denial of service condition on the target system.

24) Resource exhaustion (CVE-ID: CVE-2019-9513)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing HTTP/2 requests. A remote attacker can send a specially crafted HTTP/2 request the affected server, consume all available CPU resources and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that support for HTTP/2 is enabled.


25) Resource exhaustion (CVE-ID: CVE-2019-9511)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing HTTP/2 requests. A remote attacker can send a specially crafted HTTP/2 request the affected server, consume all available CPU resources and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that support for HTTP/2 is enabled.


26) Heap-based buffer overflow (CVE-ID: CVE-2019-17594)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the "_nc_find_entry" function in "tinfo/comp_hash.c" in the terminfo library. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


27) Use-after-free (CVE-ID: CVE-2021-30560)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Blink XSLT component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


28) Improper Privilege Management (CVE-ID: CVE-2021-41617)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management in sshd, when certain non-default configurations are used, because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. A local user can escalate privileges on the system.


29) Origin validation error (CVE-ID: CVE-2021-3618)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a logic error in TLS implementation when handling different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A remote attacker with ability to perform TCP/IP layer MitM attack can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

This attack technique was dubbed ALPACA (application layer protocol content confusion attack).


30) Division by zero (CVE-ID: CVE-2022-2058)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error when parsing TIFF files in tiffcrop. A remote attacker can trick the victim to open a specially crafted file and crash the affected application.


31) Stack-based buffer overflow (CVE-ID: CVE-2021-32292)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the parseit() function in json_parse.c. A remote attacker can pass specially crafted input to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


32) Resource exhaustion (CVE-ID: CVE-2021-46828)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to library improperly handles idle TCP connections. A remote attacker can exhaust the file descriptors of a process that uses libtirpc and perform a denial of service (DoS)  attack.


33) Incorrect Regular Expression (CVE-ID: CVE-2021-46823)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions in the LDAP schema parser. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


34) NULL pointer dereference (CVE-ID: CVE-2021-4209)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in MD_UPDATE. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


35) Out-of-bounds write (CVE-ID: CVE-2021-39537)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.


36) Buffer overflow (CVE-ID: CVE-2020-19144)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files within the _TIFFmemcpy() funtion in "tif_unix.c". A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


37) Buffer overflow (CVE-ID: CVE-2020-19131)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in the invertImage() function in the tiffcrop component. A remote attacker can pass a specially crafted file to the application and perform a denial of service attack.


38) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2020-16156)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect processing of signed code. A remote attacker trick the victim into downloading a malicious file, bypass signature verification procedure and compromise the affected system.


39) CRLF injection (CVE-ID: CVE-2022-0391)

The vulnerability allows a remote attacker to inject arbitrary data in server response.

The vulnerability exists due to insufficient validation of attacker-supplied data within the urllib.parse module in Python. A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.


40) Resource exhaustion (CVE-ID: CVE-2022-45061)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of an unnecessary quadratic algorithm in one path when processing some inputs to the IDNA (RFC 3490) decoder. A remote attacker can pass a specially crafted name to he decoder, trigger resource excessive CPU consumption and perform a denial of service (DoS) attack.


41) Out-of-bounds read (CVE-ID: CVE-2022-29458)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in convert_strings in tinfo/read_entry.c in the terminfo library. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


42) Infinite loop (CVE-ID: CVE-2022-27781)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when handling requests with the CURLOPT_CERTINFO option. A remote attacker can consume all available system resources and cause denial of service conditions.


43) Input validation error (CVE-ID: CVE-2022-3736)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted RRSIG query to the DNS server and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query.


44) Resource exhaustion (CVE-ID: CVE-2022-3094)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling DNS updates. A remote attacker can trigger resource exhaustion by sending a flood of dynamic DNS updates.


45) Information disclosure (CVE-ID: CVE-2022-27776)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to curl can leak authentication or cookie header data during HTTP redirects to the same host but another port number. When asked to send custom headers or cookies in its HTTP requests, curl sends that set of headers only to the host which name is used in the initial URL, so that redirects to other hosts will make curl send the data to those. However, due to a flawed check, curl wrongly also sends that same set of headers to the hosts that are identical to the first one but use a different port number or URL scheme.

The vulnerability exists due to an incomplete fix for #VU10224 (CVE-2018-1000007).


46) Resource management error (CVE-ID: CVE-2022-27775)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper management of internal resources when handling IPv6 protocol. Due to errors in the logic, the config matching function did not take the IPv6 address zone id into account which could lead to libcurl reusing the wrong connection when one transfer uses a zone id and a subsequent transfer uses another (or no) zone id.


47) Information disclosure (CVE-ID: CVE-2022-27774)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to curl attempts to follow redirects during authentication process and does not consider different port numbers or protocols to be separate authentication targets. If the web application performs redirection to a different port number of protocol, cURL will allow such redirection and will pass credentials. It could also leak the TLS SRP credentials this way.

By default, curl only allows redirects to HTTP(S) and FTP(S), but can be asked to allow redirects to all protocols curl supports.


48) Improper Authentication (CVE-ID: CVE-2022-22576)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when re-using OAUTH2 connections for SASL-enabled protocols, such as SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). libcurl may reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. As a result, a connection that is successfully created and authenticated with a user name + OAUTH2 bearer can subsequently be erroneously reused even for user + [other OAUTH2 bearer], even though that might not even be a valid bearer.

A remote attacker can exploit this vulnerability against applications intended for use in multi-user environments to bypass authentication and gain unauthorized access to victim's accounts.



49) Incorrect Implementation of Authentication Algorithm (CVE-ID: CVE-2022-27782)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.


50) Input validation error (CVE-ID: CVE-2022-27780)

The vulnerability allows a remote attacker to bypass filters and checks.

The vulnerability exists due to the curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, the URL like http://example.com%2F10.0.0.1/, would be allowed by the parser and get transposed into http://example.com/10.0.0.1/.

A remote attacker can bypass various internal filters and checks and force the curl to connect to a wrong web application.


51) Resource management error (CVE-ID: CVE-2022-2795)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when processing large delegations. A remote attacker can flood the target resolver with queries and perform a denial of service (DoS) attack.


52) Use-after-free (CVE-ID: CVE-2022-0934)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error when handling DHCPv6 requests. A remote attacker can send specially crafted DHCPv6 packets to the affected application, trigger a use-after-free error and perform a denial of service (DoS) attack.



53) Heap-based buffer overflow (CVE-ID: CVE-2022-24903)

The vulnerability allows a remote attacker to perform a denial of service or potentially execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when parsing data in imtcp, imptcp, imgssapi, and imhttp modules used for TCP syslog reception. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and cause a denial of service or potentially execute arbitrary code on the target system.

Successful exploitation of this vulnerability is possible if the attacker is able to directly send specially crafted messages to the rsyslog daemon or by injecting specially crafted data into log files. Vulnerability exploitation in the second scenario requires that the rsyslog client supports octet-counted framing, which is not a default configuration.


54) Resource exhaustion (CVE-ID: CVE-2022-45873)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a deadlock within the parse_elf_object() function in shared/elf-util.c. A local user can perform a denial of service (DoS) attack.


55) Improper Privilege Management (CVE-ID: CVE-2022-4415)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper privilege management when handling coredumps in coredump/coredump.c. A local user can gain access to sensitive information.

The vulnerability affects systems with libacl support.


56) Off-by-one (CVE-ID: CVE-2022-3821)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the format_timespan() function in time-util.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.



57) Out-of-bounds read (CVE-ID: CVE-2022-2469)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the "lib/gssapi/server.c". A remote authenticated GSS-API client can send specially crafted request to the GNU SASL server, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.


58) SQL injection (CVE-ID: CVE-2022-29155)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the experimental back-sql backend to slapd during an LDAP search operation when the search filter is processed. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.


59) Double Free (CVE-ID: CVE-2022-2509)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within gnutls_pkcs7_verify() function when verifying the pkcs7 signatures. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


60) Reachable Assertion (CVE-ID: CVE-2022-3924)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion. A remote attacker can send specially crafted queries to the resolver and perform a denial of service (DoS) attack.


61) Out-of-bounds read (CVE-ID: CVE-2022-2881)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when reusing HTTP connection while requesting statistics from the stats channel. A remote DNS server under attacker's control trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.


62) Integer overflow (CVE-ID: CVE-2022-37454)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the Keccak XKCP SHA-3 reference implementation. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system or eliminate expected cryptographic properties.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


63) Out-of-bounds read (CVE-ID: CVE-2022-27405)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the "FNT_Size_Request" function. A remote attacker can trigger out-of-bounds read error and cause a denial of service condition on the system.


64) Incorrect Regular Expression (CVE-ID: CVE-2022-40899)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing the Set-Cookie header. A remote attacker can send a specially crafted HTTP request to the application and perform a regular expression denial of service (ReDoS) attack.


65) Access of Uninitialized Pointer (CVE-ID: CVE-2022-34480)

The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to a boundary error within the lg_init() function when handling several allocations. A remote attacker can cause browser crash.


66) Input validation error (CVE-ID: CVE-2022-22747)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of empty pkcs7 sequence, passed as part of the certificate data. A remote attacker can pass specially crafted certificate to the application and perform a denial of service (DoS) attack.


67) Stack-based buffer overflow (CVE-ID: CVE-2022-3479)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the NSS_GetClientAuthData() function in /lib/ssl/authcert.c when accessing gnutls server without a user certificate in the database. A remote attacker can trigger a stack-based buffer overflow and crash the application using the affected library.


68) Out-of-bounds read (CVE-ID: CVE-2022-41742)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service attack.

The vulnerability exists due to a boundary condition within the ngx_http_mp4_module module when handling MP4 files. A remote attacker can pass a specially crafted file to the server, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.


69) Out-of-bounds read (CVE-ID: CVE-2022-41741)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service attack.

The vulnerability exists due to a boundary condition within the ngx_http_mp4_module module when handling MP4 files. A remote attacker can pass a specially crafted file to the server, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.


70) Out-of-bounds write (CVE-ID: CVE-2022-31782)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in ftbench.c. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.


71) Out-of-bounds read (CVE-ID: CVE-2022-27406)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the "FT_Request_Size" function. A remote attacker can trigger out-of-bounds read error and cause a denial of service condition on the system.


72) Out-of-bounds write (CVE-ID: CVE-2022-27404)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the "sfnt_init_face" function. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.


73) Memory leak (CVE-ID: CVE-2022-2906)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in key processing when using TKEY records in Diffie-Hellman mode with OpenSSL 3.0.0 and later versions. A remote attacker can force the application to leak memory and perform denial of service attack.


74) Use-after-free (CVE-ID: CVE-2022-40674)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the doContent() function in xmlparse.c. A remote attacker can pass specially crafted input to the application that is using the affected library, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


75) Use-after-free (CVE-ID: CVE-2022-43680)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.


76) Memory leak (CVE-ID: CVE-2022-2929)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the fqdn_universe_decode() function when processing DHCP packets with DNS labels. A remote attacker can send specially crafted DHCP packets to the affected server, trigger memory leak and perform denial of service attack.


77) Input validation error (CVE-ID: CVE-2022-2928)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error related to the way processing lease queries are processed by the DHCP server. With a DHCP server configured with "allow leasequery;" a remote attacker can send lease queries for the same lease multiple times, leading to the "add_option()" function being repeatedly called. This can cause an option's "refcount" field to overflow and the server to abort.


78) Reachable Assertion (CVE-ID: CVE-2022-1183)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion that can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early. A remote attacker can send specially crafted request and perform a denial of service (DoS) attack.


79) Memory leak (CVE-ID: CVE-2022-38178)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the DNSSEC verification code for the EdDSA algorithm. A remote attacker can spoof the target resolver with responses that have a malformed EdDSA signature and perform denial of service attack.


80) Memory leak (CVE-ID: CVE-2022-38177)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the DNSSEC verification code for the ECDSA algorithm. A remote attacker can spoof the target resolver with responses that have a malformed ECDSA signature and perform denial of service attack.


81) Input validation error (CVE-ID: CVE-2022-3080)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when resolvers are configured to answer from stale cache with zero stale-answer-client-timeout and there is a stale CNAME in the cache for an incoming query. A remote attacker can send a specially crafted request to the DNS resolver and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References