GNU

A flaw was found in the grub2-set-bootflag utility of grub2

CVE-2024-1048 3.3 - Low - February 06, 2024

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.

Insufficient Cleanup

A flaw was found in indent, a program for formatting C code

CVE-2024-0911 5.5 - Medium - February 06, 2024

A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.

Memory Corruption

A flaw was found in the GNU coreutils "split" program

CVE-2024-0684 5.5 - Medium - February 06, 2024

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

Memory Corruption

A path traversal vulnerability was found in the CPIO utility

CVE-2023-7216 5.3 - Medium - February 05, 2024

A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, this allows writing files in arbitrary directories through symlinks.

insecure temporary file

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library

CVE-2023-6246 7.8 - High - January 31, 2024

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Memory Corruption

An integer overflow was found in the __vsyslog_internal function of the glibc library

CVE-2023-6780 5.3 - Medium - January 31, 2024

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

Incorrect Calculation of Buffer Size

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library

CVE-2023-6779 7.5 - High - January 31, 2024

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

Memory Corruption

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust

CVE-2024-0567 7.5 - High - January 16, 2024

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

Improper Verification of Cryptographic Signature

A vulnerability was found in GnuTLS

CVE-2024-0553 7.5 - High - January 16, 2024

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Side Channel Attack

An authentication bypass flaw was found in GRUB due to the way

CVE-2023-4001 6.8 - Medium - January 15, 2024

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.

Authentication Bypass by Spoofing

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

CVE-2023-26157 7.5 - High - January 02, 2024

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

Out-of-bounds Read

A vulnerability was found

CVE-2023-5981 5.9 - Medium - November 28, 2023

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

Side Channel Attack

An attacker with local access to a system (either through a disk or external drive)

CVE-2023-4949 6.7 - Medium - November 10, 2023

An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grubs XFS file system implementation.

Memory Corruption

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver

CVE-2023-4693 4.6 - Medium - October 25, 2023

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.

Out-of-bounds Read

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver

CVE-2023-4692 7.8 - High - October 25, 2023

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.

Memory Corruption

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable

CVE-2023-4911 7.8 - High - October 03, 2023

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Memory Corruption

A heap out-of-bounds read flaw was found in builtin.c in the gawk package

CVE-2023-4156 7.1 - High - September 25, 2023

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.

Out-of-bounds Read

A flaw was found in the GNU C Library

CVE-2023-5156 7.5 - High - September 25, 2023

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

Memory Leak

A flaw was found in glibc

CVE-2023-4527 6.5 - Medium - September 18, 2023

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Out-of-bounds Read

A flaw was found in glibc

CVE-2023-4806 5.9 - Medium - September 18, 2023

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Dangling pointer

A flaw was found in Binutils

CVE-2023-25588 5.5 - Medium - September 14, 2023

A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

Use of Uninitialized Resource

A flaw was found in Binutils

CVE-2023-25586 5.5 - Medium - September 14, 2023

A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

Use of Uninitialized Resource

A flaw was found in Binutils

CVE-2023-25585 5.5 - Medium - September 14, 2023

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

Use of Uninitialized Resource

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

CVE-2023-25584 7.1 - High - September 14, 2023

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

Out-of-bounds Read

**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains

CVE-2023-4039 4.8 - Medium - September 13, 2023

**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.

A flaw was found in glibc

CVE-2023-4813 5.9 - Medium - September 12, 2023

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Dangling pointer

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could

CVE-2020-35342 7.5 - High - August 22, 2023

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.

Improper Initialization

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

CVE-2021-46174 7.5 - High - August 22, 2023

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

Memory Corruption

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1

CVE-2020-19188 6.5 - Medium - August 22, 2023

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Memory Corruption

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1

CVE-2020-19189 6.5 - Medium - August 22, 2023

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Memory Corruption

Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1

CVE-2020-19190 6.5 - Medium - August 22, 2023

Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Memory Corruption

A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34

CVE-2020-19724 5.5 - Medium - August 22, 2023

A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.

Memory Leak

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data

CVE-2020-19726 8.8 - High - August 22, 2023

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.

An issue was discovered in GNU Binutils 2.34

CVE-2020-21490 5.5 - Medium - August 22, 2023

An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.

Memory Leak

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

CVE-2022-48065 5.5 - Medium - August 22, 2023

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

Memory Leak

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability

CVE-2022-48064 5.5 - Medium - August 22, 2023

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

Allocation of Resources Without Limits or Throttling

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability

CVE-2022-48063 5.5 - Medium - August 22, 2023

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

Resource Exhaustion

An issue was discovered Binutils objdump before 2.39.3

CVE-2022-47696 7.8 - High - August 22, 2023

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.

An issue was discovered Binutils objdump before 2.39.3

CVE-2022-47695 7.8 - High - August 22, 2023

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.

An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads

CVE-2022-47673 7.8 - High - August 22, 2023

An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.

Out-of-bounds Read

An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38

CVE-2022-47011 5.5 - Medium - August 22, 2023

An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Memory Leak

An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38

CVE-2022-47010 5.5 - Medium - August 22, 2023

An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Memory Leak

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38

CVE-2022-47008 5.5 - Medium - August 22, 2023

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Memory Leak

An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38

CVE-2022-47007 5.5 - Medium - August 22, 2023

An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Memory Leak

Heap buffer overflow vulnerability in binutils readelf before 2.40

CVE-2022-45703 7.8 - High - August 22, 2023

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

Memory Corruption

Heap buffer overflow vulnerability in binutils readelf before 2.40

CVE-2022-44840 7.8 - High - August 22, 2023

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

Memory Corruption

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library)

CVE-2020-35357 6.5 - Medium - August 22, 2023

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.

Classic Buffer Overflow

Null pointer dereference vulnerability in Binutils readelf 2.38.50

CVE-2022-35206 5.5 - Medium - August 22, 2023

Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.

NULL Pointer Dereference

An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names

CVE-2022-35205 5.5 - Medium - August 22, 2023

An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.

assertion failure

Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1

CVE-2020-19185 6.5 - Medium - August 22, 2023

Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Memory Corruption

Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1

CVE-2020-19186 6.5 - Medium - August 22, 2023

Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Memory Corruption

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1

CVE-2020-19187 6.5 - Medium - August 22, 2023

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Memory Corruption

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c

CVE-2023-40305 5.5 - Medium - August 14, 2023

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.

Memory Corruption

GNU inetutils before 2.5 may

CVE-2023-40303 7.8 - High - August 14, 2023

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.

Unchecked Return Value

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow

CVE-2023-39130 5.5 - Medium - July 25, 2023

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.

Memory Corruption

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free

CVE-2023-39129 5.5 - Medium - July 25, 2023

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.

Dangling pointer

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow

CVE-2023-39128 5.5 - Medium - July 25, 2023

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.

Memory Corruption

There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems

CVE-2022-28736 7.8 - High - July 20, 2023

There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.

Dangling pointer

The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems

CVE-2022-28735 7.8 - High - July 20, 2023

The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers

CVE-2022-28734 7 - High - July 20, 2023

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.

Memory Corruption

Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet

CVE-2022-28733 8.1 - High - July 20, 2023

Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.

Integer underflow

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36

CVE-2021-32256 6.5 - Medium - July 18, 2023

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

Memory Corruption

end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might

CVE-2015-20109 5.5 - Medium - June 25, 2023

end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.

Classic Buffer Overflow

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow

CVE-2023-36274 8.8 - High - June 23, 2023

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.

Memory Corruption

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow

CVE-2023-36273 8.8 - High - June 23, 2023

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

Memory Corruption

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow

CVE-2023-36272 8.8 - High - June 23, 2023

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.

Memory Corruption

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow

CVE-2023-36271 8.8 - High - June 23, 2023

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.

Memory Corruption

A vulnerability was found in GNU cflow 1.7

CVE-2023-2789 7.5 - High - May 18, 2023

A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Improper Resource Shutdown or Release

A flaw was found in the Emacs text editor

CVE-2023-2491 7.8 - High - May 17, 2023

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

Command Injection

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c

CVE-2023-1972 6.5 - Medium - May 17, 2023

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

Memory Corruption

An issue was discovered in Mailman Core before 3.3.5

CVE-2021-34337 6.3 - Medium - April 15, 2023

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file

CVE-2023-29491 7.8 - High - April 14, 2023

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

Memory Corruption

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD)

CVE-2023-24626 6.5 - Medium - April 08, 2023

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.

CVE-2023-1579 7.8 - High - April 03, 2023

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.

Memory Corruption

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name

CVE-2023-28617 7.8 - High - March 19, 2023

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

Shell injection

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters

CVE-2023-27986 7.8 - High - March 09, 2023

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

Code Injection

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI

CVE-2023-27985 7.8 - High - March 09, 2023

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90

Shell injection

A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5

CVE-2023-25222 8.8 - High - March 01, 2023

A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.

Memory Corruption

GNU libmicrohttpd before 0.9.76

CVE-2023-27371 5.9 - Medium - February 28, 2023

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.

Out-of-bounds Read

An issue was discovered in GNU Emacs through 28.2

CVE-2022-48339 7.8 - High - February 20, 2023

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

Output Sanitization

An issue was discovered in GNU Emacs through 28.2

CVE-2022-48338 7.3 - High - February 20, 2023

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.

Command Injection

GNU Emacs through 28.2

CVE-2022-48337 9.8 - Critical - February 20, 2023

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.

Shell injection

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS

CVE-2023-0361 7.4 - High - February 15, 2023

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

Side Channel Attack

In GNU Less before 609, crafted data

CVE-2022-46663 7.5 - High - February 07, 2023

In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.

A vulnerability was found in GNU C Library 2.38

CVE-2023-0687 9.8 - Critical - February 06, 2023

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.

Classic Buffer Overflow

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size

CVE-2023-25139 9.8 - Critical - February 03, 2023

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.

Memory Corruption

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump

CVE-2022-48303 5.5 - Medium - January 30, 2023

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.

Out-of-bounds Read

An illegal memory access flaw was found in the binutils package

CVE-2022-4285 5.5 - Medium - January 27, 2023

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform

CVE-2022-3715 7.8 - High - January 05, 2023

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

Memory Corruption

When rendering certain unicode sequences

CVE-2022-3775 7.1 - High - December 19, 2022

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.

Memory Corruption

A buffer overflow was found in grub_font_construct_glyph()

CVE-2022-2601 8.6 - High - December 14, 2022

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.

Heap-based Buffer Overflow

LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow

CVE-2022-45332 7.8 - High - November 30, 2022

LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.

Memory Corruption

GNU Emacs through 28.2

CVE-2022-45939 7.8 - High - November 28, 2022

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.

Shell injection

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check

CVE-2021-46848 9.1 - Critical - October 24, 2022

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

off-by-five

GNU oSIP v5.3.0 was discovered to contain an integer overflow

CVE-2022-41550 6.5 - Medium - October 11, 2022

GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header.

Integer Overflow or Wraparound

A stack-based buffer overflow flaw was found in the Fribidi package

CVE-2022-25308 7.8 - High - September 06, 2022

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.

Stack Overflow

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file

CVE-2022-25310 5.5 - Medium - September 06, 2022

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.

NULL Pointer Dereference

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file

CVE-2022-25309 5.5 - Medium - September 06, 2022

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.

Heap-based Buffer Overflow

An issue was discovered in PSPP 1.6.2

CVE-2022-39832 7.8 - High - September 05, 2022

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Memory Corruption

An issue was discovered in PSPP 1.6.2

CVE-2022-39831 7.8 - High - September 05, 2022

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.

Memory Corruption