SB2025033127 - PowerProtect Data Protection software update for third-party components
Published: March 31, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 53 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2019-20398)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash. A remote attacker can perform a denial of service (DoS) attack.
2) Resource management error (CVE-ID: CVE-2023-3446)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the DH_check(), DH_check_ex() and EVP_PKEY_param_check() function when processing a DH key or DH parameters. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
3) Resource management error (CVE-ID: CVE-2023-3817)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when checking the long DH keys. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
4) Stack-based buffer overflow (CVE-ID: CVE-2019-19333)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when libyang parses YANG files with a leaf of type "bits". A remote unauthenticated attacker can pass to the application an untrusted YANG file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Stack-based buffer overflow (CVE-ID: CVE-2019-19334)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when libyang parses YANG files with a leaf of type "identityref". A remote unauthenticated attacker can pass to the application an untrusted YANG file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Double Free (CVE-ID: CVE-2019-20393)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
7) Double Free (CVE-ID: CVE-2019-20394)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
8) Double Free (CVE-ID: CVE-2019-20397)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
9) Buffer overflow (CVE-ID: CVE-2019-20391)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.
10) Buffer overflow (CVE-ID: CVE-2019-20392)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
11) Resource exhaustion (CVE-ID: CVE-2019-20395)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.
12) Input validation error (CVE-ID: CVE-2019-20396)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
13) Improper Certificate Validation (CVE-ID: CVE-2019-11324)
14) Race condition (CVE-ID: CVE-2022-48566)
The vulnerability allows a remote attacker to gain access to sensitive information,
The vulnerability exists due to a race condition in compare_digest in Lib/hmac.py. A remote attacker can exploit the race and gain unauthorized access to sensitive information.
15) Information disclosure (CVE-ID: CVE-2023-43804)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to urllib does not strip the "Cookie" HTTP header during cross-origin HTTP redirects. A remote attacker can gain unauthorized access to sensitive information.
16) Information disclosure (CVE-ID: CVE-2018-25091)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to urllib3 does not remove the authorization HTTP header when following a cross-origin redirect. A remote attacker can gain access to sensitive information.
Note, the vulnerability exists due to incomplete fix for #VU26413 (CVE-2018-20060).
17) CRLF injection (CVE-ID: CVE-2019-11236)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient filtration of user-supplied data passed via HTTP request parameters to urllib3 library. A remote attacker can pass specially crafted data that contains CRLF sequences and perform a spoofing attack.
18) CRLF injection (CVE-ID: CVE-2020-26137)
The vulnerability allows a remote attacker to inject arbitrary data in server response.
The vulnerability exists due to insufficient validation of attacker-supplied data passed via the "method" parameter. A remote authenticated attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.
19) Information disclosure (CVE-ID: CVE-2023-45803)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to urllib3 does not remove the HTTP request body when redirecting HTTP response using status codes 301, 302, or 303, after the request had its method changed from one that could accept a request body (e.g. from POST to GET). A remote attacker can gain access to potentially sensitive information.
20) Improper privilege management (CVE-ID: CVE-2023-7090)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management when handling ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. A local user can escalate privileges in applications, where client hosts retain privileges even after retracting them.
21) OS Command Injection (CVE-ID: CVE-2023-28486)
The vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing control characters in the log messages. A local user can inject specially crafted characters to the log messages and execute arbtirary OS commands on the system when the command is executed from the log (e.g. via the "sudoreplay -l").
22) OS Command Injection (CVE-ID: CVE-2023-28487)
The vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing control characters in the sudoreplay output. A local user can inject specially crafted characters to the log messages and execute arbitrary OS commands on the system.23) Resource exhaustion (CVE-ID: CVE-2024-1975)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
24) Resource management error (CVE-ID: CVE-2024-1737)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a very large number of RRs. Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
25) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-40217)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in ssl.SSLSocket implementation when handling TLS client authentication. A remote attacker can trick the application to send data unencrypted.
26) Resource exhaustion (CVE-ID: CVE-2022-48564)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability occurs when processing malformed Apple Property List files in binary format. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
27) Input validation error (CVE-ID: CVE-2024-38813)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated user can send specially crafted packets to the server and execute arbitrary code with root privileges.
28) Memory corruption (CVE-ID: CVE-2018-5733)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in the dhcpd due to improper handling of reference counting when processing client requests. A remote attacker can send large amounts of data to the target server can send a large number of packets, trigger a reference counter overflow and cause the target dhcpd service to consume all available memory and crash.
29) Heap-based buffer overflow (CVE-ID: CVE-2024-38812)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the implementation of the DCERPC protocol. A remote attacker can send specially crafted packets to the affected server, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
30) Out-of-bounds read (CVE-ID: CVE-2024-37086)
The vulnerability allows a malicious user on the guest OS to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. An attacker with access to the guest OS can trigger an out-of-bounds read and crash the host OS.
31) Improper Authentication (CVE-ID: CVE-2024-37085)
The vulnerability allows a remote user to compromise the ESXi host.
The vulnerability exists due to an error within the authentication process. A remote user with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
32) Resource exhaustion (CVE-ID: CVE-2023-3341)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling control channel messages . A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
33) Improper certificate validation (CVE-ID: CVE-2023-28321)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper certificate validation when matching wildcards in TLS certificates for IDN names. A remote attacker crate a specially crafted certificate that will be considered trusted by the library.
Successful exploitation of the vulnerability requires that curl is built to use OpenSSL, Schannel or Gskit.
34) Information disclosure (CVE-ID: CVE-2023-46218)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in curl that allows a malicious HTTP server to set "super cookies" that are then passed back to more origins than what is otherwise allowed or possible. A remote attacker can force curl to send such cookie to different and unrelated sites and domains.
35) Expected behavior violation (CVE-ID: CVE-2023-28322)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a logic error when sending HTTP POST and PUT requests using the same handle. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. As a result, the application can misbehave and either send off the wrong data or use memory after free or similar in the second transfer.
36) External control of file name or path (CVE-ID: CVE-2023-38546)
The vulnerability allows an attacker to inject arbitrary cookies into request.
The vulnerability exists due to the way cookies are handled by libcurl. If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle did not read any cookies from a specific
file on disk, the cloned version of the handle would instead store the
file name as none (using the four ASCII letters, no quotes).
none - if such a file exists and is readable in the current directory of the program using libcurl. 37) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-34969)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the dbus-daemon when sending a reply message from the "bus driver". If a local privileged user (e.g. root) is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, another unprivileged user with the ability to connect to the same dbus-daemon can force the service to send an unreplyable message and perform a denial of service (DoS) attack.
38) Resource exhaustion (CVE-ID: CVE-2017-3144)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to improper cleaning up of closed OMAPI connections. A remote attacker who is permitted to establish connections to the OMAPI control port can trigger exhaustion of the pool of socket descriptors available to the DHCP server and cause the service to crash.
39) Buffer overflow (CVE-ID: CVE-2018-5732)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in the dhclient due to buffer overflow. A remote attacker can send specially crafted response, trigger memory corruption and cause the service to crash.
40) Input validation error (CVE-ID: CVE-2019-6470)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a double deletion issue of released addresses in the DHCPv6 code. A remote non-authenticated attacker can send specially crafted DHCP message to the affected system and perform denial of service attack.
41) Use-after-free (CVE-ID: CVE-2022-48560)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to use-after-free exists via heappushpop in heapq. A remote attacker can trigger the vulnerability to perform a denial of service attack.
42) Input validation error (CVE-ID: CVE-2021-25217)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or gain access to sensitive information.
The vulnerability exists due to insufficient validation of options data stored in DHCP leases. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack or gain access to sensitive information.
Both dhcpd and dhclient are affected by the vulnerability.
43) Input validation error (CVE-ID: CVE-2022-2928)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error related to the way processing lease queries are processed by the DHCP server. With a DHCP server configured with "allow leasequery;" a remote attacker can send lease queries for the same lease multiple times, leading to the "add_option()" function being repeatedly called. This can cause an option's "refcount" field to overflow and the server to abort.
44) Memory leak (CVE-ID: CVE-2022-2929)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the fqdn_universe_decode() function when processing DHCP packets with DNS labels. A remote attacker can send specially crafted DHCP packets to the affected server, trigger memory leak and perform denial of service attack.
45) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2024-0553)
The vulnerability allows a remote attacker to perform timing attack.
The vulnerability exists due to the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. A remote attacker can perform timing sidechannel attack in RSA-PSK key exchange.
Note, the vulnerability exists due to incomplete fox for #VU83316 (CVE-2023-5981).
46) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2023-5981)
The vulnerability allows a remote attacker to perform timing attack.
The vulnerability exists due to the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. A remote attacker can perform timing sidechannel attack in RSA-PSK key exchange.
47) Access of Uninitialized Pointer (CVE-ID: CVE-2023-36054)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c does not validate the relationship between n_key_data and the key_data array count and frees an uninitialized pointer. A remote user can send a specially crafted request to the application and perform a denial of service (DoS) attack.
48) Improper input validation (CVE-ID: CVE-2023-22084)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
49) Out-of-bounds write (CVE-ID: CVE-2021-39537)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
50) Buffer overflow (CVE-ID: CVE-2023-29491)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malformed data in a terminfo database file. A local user can trigger memory corruption and execute arbitrary code on the target system.
51) Resource exhaustion (CVE-ID: CVE-2020-11080)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing HTTP/2 SETTINGS frames. A remote attacker can trigger high CPU load by sending large HTTP/2 SETTINGS frames and perform a denial of service (DoS) attack.
52) Resource exhaustion (CVE-ID: CVE-2023-44487)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note, the vulnerability is being actively exploited in the wild.
53) XML External Entity injection (CVE-ID: CVE-2022-48565)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input within the plistlib module. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
Remediation
Install update from vendor's website.