===========================================================================
             AUSCERT External Security Bulletin Redistribution             
                                                                           
                               ESB-2024.2220                               
   2024-04 Security Bulletin: cRPD: Multiple vulnerabilities resolved in   
                              23.4R1 release                               
                               11 April 2024                               
                                                                           
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           cRPD                                                    
Publisher:         Juniper Networks                                        
Operating System:  Juniper                                                 
Resolution:        Patch/Upgrade                                           
CVE Names:         CVE-2023-41913 CVE-2023-32731 CVE-2018-20482            
                   CVE-2023-5981 CVE-2023-4806 CVE-2023-2603               
                   CVE-2023-43804 CVE-2023-0466 CVE-2019-17042             
                   CVE-2019-17041 CVE-2023-4807 CVE-2023-44487             
                   CVE-2023-4785 CVE-2023-27043 CVE-2023-29491             
                   CVE-2019-18276 CVE-2022-48522 CVE-2023-23931            
                   CVE-2021-33560 CVE-2023-38408 CVE-2023-0401             
                   CVE-2023-0286 CVE-2023-0217 CVE-2023-0216               
                   CVE-2023-0215 CVE-2022-4450 CVE-2011-1089               
                   CVE-2022-4304 CVE-2011-1677 CVE-2011-1675               
                   CVE-2023-40217 CVE-2023-36054 CVE-2023-3446             
                   CVE-2023-48795 CVE-2023-2650 CVE-2023-3978              
                   CVE-2023-39975 CVE-2020-27783 CVE-2016-10009            
                   CVE-2020-28928 CVE-2021-22947 CVE-2021-22946            
                   CVE-2023-32732 CVE-2018-7738 CVE-2021-40528             
                   CVE-2023-2253 CVE-2020-25659 CVE-2021-23240             
                   CVE-2023-46218 CVE-2023-49083 CVE-2023-5156             
                   CVE-2020-8037 CVE-2020-14343 CVE-2018-20225             
                   CVE-2021-28957 CVE-2020-19190 CVE-2020-19188            
                   CVE-2020-19187 CVE-2020-19186 CVE-2020-19185            
                   CVE-2020-27350 CVE-2023-32681 CVE-2021-20193            
                   CVE-2020-19189 CVE-2019-9923 CVE-2022-3996              
                   CVE-2023-28366 CVE-2022-48554 CVE-2023-0809             
                   CVE-2021-41039 CVE-2021-34434 CVE-2023-3592             
                   CVE-2023-1428 CVE-2020-28493 CVE-2021-28831             
                   CVE-2020-36242 CVE-2021-37600 CVE-2011-1676             
                   CVE-2016-2781 CVE-2017-18018 CVE-2018-1000215           
                   CVE-2018-1000654 CVE-2020-22916 CVE-2021-30139          
                   CVE-2021-36159 CVE-2020-1747 CVE-2024-30407             

Original Bulletin:
   https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-cRPD-Multiple-vulnerabilities-resolved-in-23-4R1-release

Comment: CVSS (Max):  9.8 CVE-2023-38408 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: Juniper Networks                                     
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


--------------------------BEGIN INCLUDED TEXT--------------------

Article ID:       JSA79107

Product Affected: This issue affects all versions of cRPD before 23.4R1.

Severity Level:   Critical

CVSS Score:       CVSS 3.1

Problem:

Multiple vulnerabilities have been resolved in Juniper Networks Junos cRPD by
updating third party software included with cRPD.

These issues affect Juniper Networks cRPD software versions earlier than
23.4R1.

Important security issues resolved include:

+----------------+--------+---------------------------------------------------+
|      CVE       |  CVSS  |                      Summary                      |
+----------------+--------+---------------------------------------------------+
|                |3.3     |mount in util-linux 2.19 and earlier attempts to   |
|                |(AV:L/  |append to the /etc/mtab.tmp file without first     |
|                |AC:M/   |checking whether resource limits would interfere,  |
|CVE-2011-1675   |Au:N/C:P|which allows local users to trigger corruption of  |
|                |/I:P/   |the /etc/mtab file via a process with a small      |
|                |A:N)    |RLIMIT_FSIZE value, a related issue to             |
|                |        |CVE-2011-1089.                                     |
+----------------+--------+---------------------------------------------------+
|                |3.3     |mount in util-linux 2.19 and earlier does not      |
|                |(AV:L/  |remove the /etc/mtab.tmp file after a failed       |
|CVE-2011-1676   |AC:M/   |attempt to add a mount entry, which allows local   |
|                |Au:N/C:P|users to trigger corruption of the /etc/mtab file  |
|                |/I:P/   |via multiple invocations.                          |
|                |A:N)    |                                                   |
+----------------+--------+---------------------------------------------------+
|                |4.6     |                                                   |
|                |(AV:L/  |mount in util-linux 2.19 and earlier does not      |
|CVE-2011-1677   |AC:L/   |remove the /etc/mtab~ lock file after a failed     |
|                |Au:N/C:P|attempt to add a mount entry, which has unspecified|
|                |/I:P/   |impact and local attack vectors.                   |
|                |A:P)    |                                                   |
+----------------+--------+---------------------------------------------------+
|                |6.5 (   |                                                   |
|                |CVSS:3.0|                                                   |
|                |/AV:L/  |chroot in GNU coreutils, when used with --userspec,|
|CVE-2016-2781   |AC:L/   |allows local users to escape to the parent session |
|                |PR:L/   |via a crafted TIOCSTI ioctl call, which pushes     |
|                |UI:N/S:C|characters to the terminal's input buffer.         |
|                |/C:N/I:H|                                                   |
|                |/A:N )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |4.7 (   |                                                   |
|                |CVSS:3.0|In GNU Coreutils through 8.29, chown-core.c in     |
|                |/AV:L/  |chown and chgrp does not prevent replacement of a  |
|CVE-2017-18018  |AC:H/   |plain file with a symlink during use of the POSIX  |
|                |PR:L/   |"-R -L" options, which allows local users to modify|
|                |UI:N/S:U|the ownership of arbitrary files by leveraging a   |
|                |/C:N/I:H|race condition.                                    |
|                |/A:N )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |7.5 (   |Dave Gamble cJSON version 1.7.6 and earlier        |
|                |CVSS:3.0|contains a CWE-772 vulnerability in cJSON library  |
|                |/AV:N/  |that can result in Denial of Service (DoS). This   |
|CVE-2018-1000215|AC:L/   |attack appears to be exploitable if the attacker   |
|                |PR:N/   |can force the data to be printed and the system is |
|                |UI:N/S:U|in low memory, it can force a leak of memory. This |
|                |/C:N/I:N|vulnerability appears to have been fixed in 1.7.7. |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |5.5 (   |GNU Libtasn1-4.13 libtasn1-4.13 version            |
|                |CVSS:3.0|libtasn1-4.13, libtasn1-4.12 contains a DoS,       |
|                |/AV:L/  |specifically CPU usage will reach 100% when running|
|CVE-2018-1000654|AC:L/   |asn1Parser against the POC due to an issue in      |
|                |PR:N/   |_asn1_expand_object_id(p_tree), after a long time, |
|                |UI:R/S:U|the program will be killed. This attack appears to |
|                |/C:N/I:N|be exploitable via parsing a crafted file.         |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |An issue was discovered in pip (all versions)      |
|                |        |because it installs the version with the highest   |
|                |7.8 (   |version number, even if the user had intended to   |
|                |CVSS:3.1|obtain a private package from a private index. This|
|                |/AV:L/  |only affects use of the --extra-index-url option,  |
|CVE-2018-20225  |AC:L/   |and exploitation requires that the package does not|
|                |PR:N/   |already exist in the public index (and thus the    |
|                |UI:R/S:U|attacker can put the package there with an         |
|                |/C:H/I:H|arbitrary version number). NOTE: it has been       |
|                |/A:H )  |reported that this is intended functionality and   |
|                |        |the user is responsible for using --extra-index-url|
|                |        |securely.                                          |
+----------------+--------+---------------------------------------------------+
|                |4.7 (   |GNU Tar through 1.30, when --sparse is used,       |
|                |CVSS:3.1|mishandles file shrinkage during read access, which|
|                |/AV:L/  |allows local users to cause a denial of service    |
|CVE-2018-20482  |AC:H/   |(infinite read loop in sparse_dump_region in       |
|                |PR:L/   |sparse.c) by modifying a file that is supposed to  |
|                |UI:N/S:U|be archived by a different user's process (e.g., a |
|                |/C:N/I:N|system backup running as root).                    |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |7.8 (   |In util-linux before 2.32-rc1, bash-completion/    |
|                |CVSS:3.0|umount allows local users to gain privileges by    |
|                |/AV:L/  |embedding shell commands in a mountpoint name,     |
|CVE-2018-7738   |AC:L/   |which is mishandled during a umount command (within|
|                |PR:L/   |Bash) by a different user, as demonstrated by      |
|                |UI:N/S:U|logging in as root and entering umount followed by |
|                |/C:H/I:H|a tab character for autocompletion.                |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |An issue was discovered in Rsyslog v8.1908.0.      |
|                |        |contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has|
|                |        |a heap overflow in the parser for AIX log messages.|
|                |        |The parser tries to locate a log message delimiter |
|                |        |(in this case, a space or a colon) but fails to    |
|                |9.8 (   |account for strings that do not satisfy this       |
|                |CVSS:3.1|constraint. If the string does not match, then the |
|                |/AV:N/  |variable lenMsg will reach the value zero and will |
|                |AC:L/   |skip the sanity check that detects invalid log     |
|CVE-2019-17041  |PR:N/   |messages. The message will then be considered      |
|                |UI:N/S:U|valid, and the parser will eat up the nonexistent  |
|                |/C:H/I:H|colon delimiter. In doing so, it will decrement    |
|                |/A:H )  |lenMsg, a signed integer, whose value was zero and |
|                |        |now becomes minus one. The following step in the   |
|                |        |parser is to shift left the contents of the        |
|                |        |message. To do this, it will call memmove with the |
|                |        |right pointers to the target and destination       |
|                |        |strings, but the lenMsg will now be interpreted as |
|                |        |a huge value, causing a heap overflow.             |
+----------------+--------+---------------------------------------------------+
|                |        |An issue was discovered in Rsyslog v8.1908.0.      |
|                |        |contrib/pmcisconames/pmcisconames.c has a heap     |
|                |        |overflow in the parser for Cisco log messages. The |
|                |        |parser tries to locate a log message delimiter (in |
|                |        |this case, a space or a colon), but fails to       |
|                |9.8 (   |account for strings that do not satisfy this       |
|                |CVSS:3.1|constraint. If the string does not match, then the |
|                |/AV:N/  |variable lenMsg will reach the value zero and will |
|                |AC:L/   |skip the sanity check that detects invalid log     |
|CVE-2019-17042  |PR:N/   |messages. The message will then be considered      |
|                |UI:N/S:U|valid, and the parser will eat up the nonexistent  |
|                |/C:H/I:H|colon delimiter. In doing so, it will decrement    |
|                |/A:H )  |lenMsg, a signed integer, whose value was zero and |
|                |        |now becomes minus one. The following step in the   |
|                |        |parser is to shift left the contents of the        |
|                |        |message. To do this, it will call memmove with the |
|                |        |right pointers to the target and destination       |
|                |        |strings, but the lenMsg will now be interpreted as |
|                |        |a huge value, causing a heap overflow.             |
+----------------+--------+---------------------------------------------------+
|                |        |An issue was discovered in disable_priv_mode in    |
|                |        |shell.c in GNU Bash through 5.0 patch 11. By       |
|                |7.8 (   |default, if Bash is run with its effective UID not |
|                |CVSS:3.1|equal to its real UID, it will drop privileges by  |
|                |/AV:L/  |setting its effective UID to its real UID. However,|
|                |AC:L/   |it does so incorrectly. On Linux and other systems |
|CVE-2019-18276  |PR:L/   |that support "saved UID" functionality, the saved  |
|                |UI:N/S:U|UID is not dropped. An attacker with command       |
|                |/C:H/I:H|execution in the shell can use "enable -f" for     |
|                |/A:H )  |runtime loading of a new builtin, which can be a   |
|                |        |shared object that calls setuid() and therefore    |
|                |        |regains privileges. However, binaries running with |
|                |        |an effective UID of 0 are unaffected.              |
+----------------+--------+---------------------------------------------------+
|                |7.5 (   |                                                   |
|                |CVSS:3.0|                                                   |
|                |/AV:N/  |pax_decode_header in sparse.c in GNU Tar before    |
|CVE-2019-9923   |AC:L/   |1.32 had a NULL pointer dereference when parsing   |
|                |PR:N/   |certain archives that have malformed extended      |
|                |UI:N/S:U|headers.                                           |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |A vulnerability was discovered in the PyYAML       |
|                |9.8 (   |library in versions before 5.4, where it is        |
|                |CVSS:3.1|susceptible to arbitrary code execution when it    |
|                |/AV:N/  |processes untrusted YAML files through the         |
|                |AC:L/   |full_load method or with the FullLoader loader.    |
|CVE-2020-14343  |PR:N/   |Applications that use the library to process       |
|                |UI:N/S:U|untrusted input may be vulnerable to this flaw.    |
|                |/C:H/I:H|This flaw allows an attacker to execute arbitrary  |
|                |/A:H )  |code on the system by abusing the python/object/new|
|                |        |constructor. This flaw is due to an incomplete fix |
|                |        |for CVE-2020-1747.                                 |
+----------------+--------+---------------------------------------------------+
|                |6.5 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |Buffer Overflow vulnerability in one_one_mapping   |
|CVE-2020-19185  |AC:L/   |function in progs/dump_entry.c:1373 in ncurses 6.1 |
|                |PR:N/   |allows remote attackers to cause a denial of       |
|                |UI:R/S:U|service via crafted command.                       |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |6.5 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |Buffer Overflow vulnerability in _nc_find_entry    |
|CVE-2020-19186  |AC:L/   |function in tinfo/comp_hash.c:66 in ncurses 6.1    |
|                |PR:N/   |allows remote attackers to cause a denial of       |
|                |UI:R/S:U|service via crafted command.                       |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |6.5 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |Buffer Overflow vulnerability in fmt_entry function|
|CVE-2020-19187  |AC:L/   |in progs/dump_entry.c:1100 in ncurses 6.1 allows   |
|                |PR:N/   |remote attackers to cause a denial of service via  |
|                |UI:R/S:U|crafted command.                                   |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |6.5 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |Buffer Overflow vulnerability in fmt_entry function|
|CVE-2020-19188  |AC:L/   |in progs/dump_entry.c:1116 in ncurses 6.1 allows   |
|                |PR:N/   |remote attackers to cause a denial of service via  |
|                |UI:R/S:U|crafted command.                                   |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |6.5 (   |                                                   |
|                |CVSS:3.1|Buffer Overflow vulnerability in                   |
|                |/AV:N/  |postprocess_terminfo function in tinfo/            |
|CVE-2020-19189  |AC:L/   |parse_entry.c:997 in ncurses 6.1 allows remote     |
|                |PR:N/   |attackers to cause a denial of service via crafted |
|                |UI:R/S:U|command.                                           |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |6.5 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |Buffer Overflow vulnerability in _nc_find_entry in |
|CVE-2020-19190  |AC:L/   |tinfo/comp_hash.c:70 in ncurses 6.1 allows remote  |
|                |PR:N/   |attackers to cause a denial of service via crafted |
|                |UI:R/S:U|command.                                           |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |5.5 (   |An issue discovered in XZ 5.2.5 allows attackers to|
|                |CVSS:3.1|cause a denial of service via decompression of a   |
|                |/AV:L/  |crafted file. NOTE: the vendor disputes the claims |
|CVE-2020-22916  |AC:L/   |of "endless output" and "denial of service" because|
|                |PR:N/   |decompression of the 17,486 bytes always results in|
|                |UI:R/S:U|114,881,179 bytes, which is often a reasonable size|
|                |/C:N/I:N|increase.                                          |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |5.9 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |python-cryptography 3.2 is vulnerable to           |
|CVE-2020-25659  |AC:H/   |Bleichenbacher timing attacks in the RSA decryption|
|                |PR:N/   |API, via timed processing of valid PKCS#1 v1.5     |
|                |UI:N/S:U|ciphertext.                                        |
|                |/C:H/I:N|                                                   |
|                |/A:N )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |5.7 (   |APT had several integer overflows and underflows   |
|                |CVSS:3.1|while parsing .deb packages, aka GHSL-2020-168     |
|                |/AV:L/  |GHSL-2020-169, in files apt-pkg/contrib/           |
|                |AC:L/   |extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/|
|CVE-2020-27350  |PR:H/   |contrib/arfile.cc. This issue affects: apt         |
|                |UI:N/S:C|1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2;   |
|                |/C:L/I:L|1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2;   |
|                |/A:L )  |2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2;     |
|                |        |2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;   |
+----------------+--------+---------------------------------------------------+
|                |6.1 (   |                                                   |
|                |CVSS:3.1|An XSS vulnerability was discovered in             |
|                |/AV:N/  |python-lxml's clean module. The module's parser    |
|CVE-2020-27783  |AC:L/   |didn't properly imitate browsers, which caused     |
|                |PR:N/   |different behaviors between the sanitizer and the  |
|                |UI:R/S:C|user's page. A remote attacker could exploit this  |
|                |/C:L/I:L|flaw to run arbitrary HTML/JS code.                |
|                |/A:N )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |5.3 (   |This affects the package jinja2 from 0.0.0 and     |
|                |CVSS:3.1|before 2.11.3. The ReDoS vulnerability is mainly   |
|                |/AV:N/  |due to the `_punctuation_re regex` operator and its|
|                |AC:L/   |use of multiple wildcards. The last wildcard is the|
|CVE-2020-28493  |PR:N/   |most exploitable as it searches for trailing       |
|                |UI:N/S:U|punctuation. This issue can be mitigated by using  |
|                |/C:N/I:N|Markdown to format user content instead of the     |
|                |/A:L )  |urlize filter, or by implementing request timeouts |
|                |        |and limiting process memory.                       |
+----------------+--------+---------------------------------------------------+
|                |5.5 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:L/  |In musl libc through 1.2.1, wcsnrtombs mishandles  |
|CVE-2020-28928  |AC:L/   |particular combinations of destination buffer size |
|                |PR:L/   |and source character limit, as demonstrated by an  |
|                |UI:N/S:U|invalid write access (buffer overflow).            |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |9.1 (   |                                                   |
|                |CVSS:3.1|In the cryptography package before 3.3.2 for       |
|                |/AV:N/  |Python, certain sequences of update calls to       |
|CVE-2020-36242  |AC:L/   |symmetrically encrypt multi-GB values could result |
|                |PR:N/   |in an integer overflow and buffer overflow, as     |
|                |UI:N/S:U|demonstrated by the Fernet class.                  |
|                |/C:H/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |7.5 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |                                                   |
|CVE-2020-8037   |AC:L/   |The ppp decapsulator in tcpdump 4.9.3 can be       |
|                |PR:N/   |convinced to allocate a large amount of memory.    |
|                |UI:N/S:U|                                                   |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |5.5 (   |                                                   |
|                |CVSS:3.1|A flaw was found in the src/list.c of tar 1.33 and |
|                |/AV:L/  |earlier. This flaw allows an attacker who can      |
|CVE-2021-20193  |AC:L/   |submit a crafted input file to tar to cause        |
|                |PR:N/   |uncontrolled consumption of memory. The highest    |
|                |UI:R/S:U|threat from this vulnerability is to system        |
|                |/C:N/I:N|availability.                                      |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |A user can tell curl >= 7.20.0 and <= 7.78.0 to    |
|                |        |require a successful upgrade to TLS when speaking  |
|                |7.5 (   |to an IMAP, POP3 or FTP server (`--ssl-reqd` on the|
|                |CVSS:3.1|command line or `CURLOPT_USE_SSL` set to           |
|                |/AV:N/  |`CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with      |
|CVE-2021-22946  |AC:L/   |libcurl). This requirement could be bypassed if the|
|                |PR:N/   |server would return a properly crafted but         |
|                |UI:N/S:U|perfectly legitimate response. This flaw would then|
|                |/C:H/I:N|make curl silently continue its operations         |
|                |/A:N )  |**without TLS** contrary to the instructions and   |
|                |        |expectations, exposing possibly sensitive data in  |
|                |        |clear text over the network.                       |
+----------------+--------+---------------------------------------------------+
|                |        |When curl >= 7.20.0 and <= 7.78.0 connects to an   |
|                |        |IMAP or POP3 server to retrieve data using STARTTLS|
|                |        |to upgrade to TLS security, the server can respond |
|                |5.9 (   |and send back multiple responses at once that curl |
|                |CVSS:3.1|caches. curl would then upgrade to TLS but not     |
|                |/AV:N/  |flush the in-queue of cached responses but instead |
|CVE-2021-22947  |AC:H/   |continue using and trusting the responses it got   |
|                |PR:N/   |*before* the TLS handshake as if they were         |
|                |UI:N/S:U|authenticated. Using this flaw, it allows a        |
|                |/C:N/I:H|Man-In-The-Middle attacker to first inject the fake|
|                |/A:N )  |responses, then pass-through the TLS traffic from  |
|                |        |the legitimate server and trick curl into sending  |
|                |        |data back to the user thinking the attacker's      |
|                |        |injected data comes from the TLS-protected server. |
+----------------+--------+---------------------------------------------------+
|                |7.8 (   |selinux_edit_copy_tfiles in sudoedit in Sudo before|
|                |CVSS:3.1|1.9.5 allows a local unprivileged user to gain file|
|                |/AV:L/  |ownership and escalate privileges by replacing a   |
|CVE-2021-23240  |AC:L/   |temporary file with a symlink to an arbitrary file |
|                |PR:L/   |target. This affects SELinux RBAC support in       |
|                |UI:N/S:U|permissive mode. Machines without SELinux are not  |
|                |/C:H/I:H|vulnerable.                                        |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |7.5 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |decompress_gunzip.c in BusyBox through 1.32.1      |
|CVE-2021-28831  |AC:L/   |mishandles the error bit on the huft_build result  |
|                |PR:N/   |pointer, with a resultant invalid free or          |
|                |UI:N/S:U|segmentation fault, via malformed gzip data.       |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |6.1 (   |An XSS vulnerability was discovered in             |
|                |CVSS:3.1|python-lxml's clean module versions before 4.6.3.  |
|                |/AV:N/  |When disabling the safe_attrs_only and forms       |
|                |AC:L/   |arguments, the Cleaner class does not remove the   |
|CVE-2021-28957  |PR:N/   |formaction attribute allowing for JS to bypass the |
|                |UI:R/S:C|sanitizer. A remote attacker could exploit this    |
|                |/C:L/I:L|flaw to run arbitrary JS code on users who interact|
|                |/A:N )  |with incorrectly sanitized HTML. This issue is     |
|                |        |patched in lxml 4.6.3.                             |
+----------------+--------+---------------------------------------------------+
|                |7.5 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |                                                   |
|CVE-2021-30139  |AC:L/   |In Alpine Linux apk-tools before 2.12.5, the       |
|                |PR:N/   |tarball parser allows a buffer overflow and crash. |
|                |UI:N/S:U|                                                   |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |7.5 (   |                                                   |
|                |CVSS:3.1|Libgcrypt before 1.8.8 and 1.9.x before 1.9.3      |
|                |/AV:N/  |mishandles ElGamal encryption because it lacks     |
|CVE-2021-33560  |AC:L/   |exponent blinding to address a side-channel attack |
|                |PR:N/   |against mpi_powm, and the window size is not chosen|
|                |UI:N/S:U|appropriately. This, for example, affects use of   |
|                |/C:H/I:N|ElGamal in OpenPGP.                                |
|                |/A:N )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |5.3 (   |                                                   |
|                |CVSS:3.1|In Eclipse Mosquitto versions 2.0 to 2.0.11, when  |
|                |/AV:N/  |using the dynamic security plugin, if the ability  |
|CVE-2021-34434  |AC:L/   |for a client to make subscriptions on a topic is   |
|                |PR:N/   |revoked when a durable client is offline, then     |
|                |UI:N/S:U|existing subscriptions for that client are not     |
|                |/C:L/I:N|revoked.                                           |
|                |/A:N )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |9.1 (   |libfetch before 2021-07-26, as used in apk-tools,  |
|                |CVSS:3.1|xbps, and other products, mishandles numeric       |
|                |/AV:N/  |strings for the FTP and HTTP protocols. The FTP    |
|                |AC:L/   |passive mode implementation allows an out-of-bounds|
|CVE-2021-36159  |PR:N/   |read because strtol is used to parse the relevant  |
|                |UI:N/S:U|numbers into address bytes. It does not check if   |
|                |/C:H/I:N|the line ends prematurely. If it does, the for-loop|
|                |/A:H )  |condition checks for the '\0' terminator one byte  |
|                |        |too late.                                          |
+----------------+--------+---------------------------------------------------+
|                |5.5 (   |An integer overflow in util-linux through 2.37.1   |
|                |CVSS:3.1|can potentially cause a buffer overflow if an      |
|                |/AV:L/  |attacker were able to use system resources in a way|
|CVE-2021-37600  |AC:L/   |that leads to a large number in the /proc/sysvipc/ |
|                |PR:N/   |sem file. NOTE: this is unexploitable in GNU C     |
|                |UI:R/S:U|Library environments, and possibly in all realistic|
|                |/C:N/I:N|environments.                                      |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |5.9 (   |The ElGamal implementation in Libgcrypt before     |
|                |CVSS:3.1|1.9.4 allows plaintext recovery because, during    |
|                |/AV:N/  |interaction between two cryptographic libraries, a |
|CVE-2021-40528  |AC:H/   |certain dangerous combination of the prime defined |
|                |PR:N/   |by the receiver's public key, the generator defined|
|                |UI:N/S:U|by the receiver's public key, and the sender's     |
|                |/C:H/I:N|ephemeral exponents can lead to a                  |
|                |/A:N )  |cross-configuration attack against OpenPGP.        |
+----------------+--------+---------------------------------------------------+
|                |7.5 (   |                                                   |
|                |CVSS:3.1|In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an |
|                |/AV:N/  |MQTT v5 client connecting with a large number of   |
|CVE-2021-41039  |AC:L/   |user-property properties could cause excessive CPU |
|                |PR:N/   |usage, leading to a loss of performance and        |
|                |UI:N/S:U|possible denial of service.                        |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |If an X.509 certificate contains a malformed policy|
|                |        |constraint and policy processing is enabled, then a|
|                |        |write lock will be taken twice recursively. On some|
|                |7.5 (   |operating systems (most widely: Windows) this      |
|                |CVSS:3.1|results in a denial of service when the affected   |
|                |/AV:N/  |process hangs. Policy processing being enabled on a|
|CVE-2022-3996   |AC:L/   |publicly facing server is not considered to be a   |
|                |PR:N/   |common setup. Policy processing is enabled by      |
|                |UI:N/S:U|passing the `-policy' argument to the command line |
|                |/C:N/I:N|utilities or by calling the                        |
|                |/A:H )  |`X509_VERIFY_PARAM_set1_policies()' function.      |
|                |        |Update (31 March 2023): The description of the     |
|                |        |policy processing enablement was corrected based on|
|                |        |CVE-2023-0466.                                     |
+----------------+--------+---------------------------------------------------+
|                |        |A timing based side channel exists in the OpenSSL  |
|                |        |RSA Decryption implementation which could be       |
|                |        |sufficient to recover a plaintext across a network |
|                |        |in a Bleichenbacher style attack. To achieve a     |
|                |        |successful decryption an attacker would have to be |
|                |5.9 (   |able to send a very large number of trial messages |
|                |CVSS:3.1|for decryption. The vulnerability affects all RSA  |
|                |/AV:N/  |padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.   |
|                |AC:H/   |For example, in a TLS connection, RSA is commonly  |
|CVE-2022-4304   |PR:N/   |used by a client to send an encrypted pre-master   |
|                |UI:N/S:U|secret to the server. An attacker that had observed|
|                |/C:H/I:N|a genuine connection between a client and a server |
|                |/A:N )  |could use this flaw to send trial messages to the  |
|                |        |server and record the time taken to process them.  |
|                |        |After a sufficiently large number of messages the  |
|                |        |attacker could recover the pre-master secret used  |
|                |        |for the original connection and thus be able to    |
|                |        |decrypt the application data sent over that        |
|                |        |connection.                                        |
+----------------+--------+---------------------------------------------------+
|                |        |The function PEM_read_bio_ex() reads a PEM file    |
|                |        |from a BIO and parses and decodes the "name" (e.g. |
|                |        |"CERTIFICATE"), any header data and the payload    |
|                |        |data. If the function succeeds then the "name_out",|
|                |        |"header" and "data" arguments are populated with   |
|                |        |pointers to buffers containing the relevant decoded|
|                |        |data. The caller is responsible for freeing those  |
|                |        |buffers. It is possible to construct a PEM file    |
|                |        |that results in 0 bytes of payload data. In this   |
|                |        |case PEM_read_bio_ex() will return a failure code  |
|                |        |but will populate the header argument with a       |
|                |        |pointer to a buffer that has already been freed. If|
|                |7.5 (   |the caller also frees this buffer then a double    |
|                |CVSS:3.1|free will occur. This will most likely lead to a   |
|                |/AV:N/  |crash. This could be exploited by an attacker who  |
|CVE-2022-4450   |AC:L/   |has the ability to supply malicious PEM files for  |
|                |PR:N/   |parsing to achieve a denial of service attack. The |
|                |UI:N/S:U|functions PEM_read_bio() and PEM_read() are simple |
|                |/C:N/I:N|wrappers around PEM_read_bio_ex() and therefore    |
|                |/A:H )  |these functions are also directly affected. These  |
|                |        |functions are also called indirectly by a number of|
|                |        |other OpenSSL functions including                  |
|                |        |PEM_X509_INFO_read_bio_ex() and                    |
|                |        |SSL_CTX_use_serverinfo_file() which are also       |
|                |        |vulnerable. Some OpenSSL internal uses of these    |
|                |        |functions are not vulnerable because the caller    |
|                |        |does not free the header argument if               |
|                |        |PEM_read_bio_ex() returns a failure code. These    |
|                |        |locations include the PEM_read_bio_TYPE() functions|
|                |        |as well as the decoders introduced in OpenSSL 3.0. |
|                |        |The OpenSSL asn1parse command line application is  |
|                |        |also impacted by this issue.                       |
+----------------+--------+---------------------------------------------------+
|                |9.8 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |In Perl 5.34.0, function S_find_uninit_var in sv.c |
|CVE-2022-48522  |AC:L/   |has a stack-based crash that can lead to remote    |
|                |PR:N/   |code execution or local privilege escalation.      |
|                |UI:N/S:U|                                                   |
|                |/C:H/I:H|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |5.5 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:L/  |File before 5.43 has a stack-based buffer          |
|CVE-2022-48554  |AC:L/   |over-read in file_copystr in funcs.c. NOTE: "File" |
|                |PR:N/   |is the name of an Open Source project.             |
|                |UI:R/S:U|                                                   |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |The public API function BIO_new_NDEF is a helper   |
|                |        |function used for streaming ASN.1 data via a BIO.  |
|                |        |It is primarily used internally to OpenSSL to      |
|                |        |support the SMIME, CMS and PKCS7 streaming         |
|                |        |capabilities, but may also be called directly by   |
|                |        |end user applications. The function receives a BIO |
|                |        |from the caller, prepends a new BIO_f_asn1 filter  |
|                |        |BIO onto the front of it to form a BIO chain, and  |
|                |        |then returns the new head of the BIO chain to the  |
|                |        |caller. Under certain conditions, for example if a |
|                |        |CMS recipient public key is invalid, the new filter|
|                |        |BIO is freed and the function returns a NULL result|
|                |7.5 (   |indicating a failure. However, in this case, the   |
|                |CVSS:3.1|BIO chain is not properly cleaned up and the BIO   |
|                |/AV:N/  |passed by the caller still retains internal        |
|CVE-2023-0215   |AC:L/   |pointers to the previously freed filter BIO. If the|
|                |PR:N/   |caller then goes on to call BIO_pop() on the BIO   |
|                |UI:N/S:U|then a use-after-free will occur. This will most   |
|                |/C:N/I:N|likely result in a crash. This scenario occurs     |
|                |/A:H )  |directly in the internal function B64_write_ASN1() |
|                |        |which may cause BIO_new_NDEF() to be called and    |
|                |        |will subsequently call BIO_pop() on the BIO. This  |
|                |        |internal function is in turn called by the public  |
|                |        |API functions PEM_write_bio_ASN1_stream,           |
|                |        |PEM_write_bio_CMS_stream,                          |
|                |        |PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,      |
|                |        |SMIME_write_CMS and SMIME_write_PKCS7. Other public|
|                |        |API functions that may be impacted by this include |
|                |        |i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7,   |
|                |        |i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The   |
|                |        |OpenSSL cms and smime command line applications are|
|                |        |similarly affected.                                |
+----------------+--------+---------------------------------------------------+
|                |7.5 (   |An invalid pointer dereference on read can be      |
|                |CVSS:3.1|triggered when an application tries to load        |
|                |/AV:N/  |malformed PKCS7 data with the d2i_PKCS7(),         |
|                |AC:L/   |d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The   |
|CVE-2023-0216   |PR:N/   |result of the dereference is an application crash  |
|                |UI:N/S:U|which could lead to a denial of service attack. The|
|                |/C:N/I:N|TLS implementation in OpenSSL does not call this   |
|                |/A:H )  |function however third party applications might    |
|                |        |call these functions on untrusted data.            |
+----------------+--------+---------------------------------------------------+
|                |        |An invalid pointer dereference on read can be      |
|                |        |triggered when an application tries to check a     |
|                |7.5 (   |malformed DSA public key by the                    |
|                |CVSS:3.1|EVP_PKEY_public_check() function. This will most   |
|                |/AV:N/  |likely lead to an application crash. This function |
|CVE-2023-0217   |AC:L/   |can be called on public keys supplied from         |
|                |PR:N/   |untrusted sources which could allow an attacker to |
|                |UI:N/S:U|cause a denial of service attack. The TLS          |
|                |/C:N/I:N|implementation in OpenSSL does not call this       |
|                |/A:H )  |function but applications might call the function  |
|                |        |if there are additional security requirements      |
|                |        |imposed by standards such as FIPS 140-3.           |
+----------------+--------+---------------------------------------------------+
|                |        |There is a type confusion vulnerability relating to|
|                |        |X.400 address processing inside an X.509           |
|                |        |GeneralName. X.400 addresses were parsed as an     |
|                |        |ASN1_STRING but the public structure definition for|
|                |        |GENERAL_NAME incorrectly specified the type of the |
|                |        |x400Address field as ASN1_TYPE. This field is      |
|                |        |subsequently interpreted by the OpenSSL function   |
|                |7.4 (   |GENERAL_NAME_cmp as an ASN1_TYPE rather than an    |
|                |CVSS:3.1|ASN1_STRING. When CRL checking is enabled (i.e. the|
|                |/AV:N/  |application sets the X509_V_FLAG_CRL_CHECK flag),  |
|                |AC:H/   |this vulnerability may allow an attacker to pass   |
|CVE-2023-0286   |PR:N/   |arbitrary pointers to a memcmp call, enabling them |
|                |UI:N/S:U|to read memory contents or enact a denial of       |
|                |/C:H/I:N|service. In most cases, the attack requires the    |
|                |/A:H )  |attacker to provide both the certificate chain and |
|                |        |CRL, neither of which need to have a valid         |
|                |        |signature. If the attacker only controls one of    |
|                |        |these inputs, the other input must already contain |
|                |        |an X.400 address as a CRL distribution point, which|
|                |        |is uncommon. As such, this vulnerability is most   |
|                |        |likely to only affect applications which have      |
|                |        |implemented their own functionality for retrieving |
|                |        |CRLs over a network.                               |
+----------------+--------+---------------------------------------------------+
|                |        |A NULL pointer can be dereferenced when signatures |
|                |        |are being verified on PKCS7 signed or              |
|                |        |signedAndEnveloped data. In case the hash algorithm|
|                |        |used for the signature is known to the OpenSSL     |
|                |        |library but the implementation of the hash         |
|                |7.5 (   |algorithm is not available the digest              |
|                |CVSS:3.1|initialization will fail. There is a missing check |
|                |/AV:N/  |for the return value from the initialization       |
|                |AC:L/   |function which later leads to invalid usage of the |
|CVE-2023-0401   |PR:N/   |digest API most likely leading to a crash. The     |
|                |UI:N/S:U|unavailability of an algorithm can be caused by    |
|                |/C:N/I:N|using FIPS enabled configuration of providers or   |
|                |/A:H )  |more commonly by not loading the legacy provider.  |
|                |        |PKCS7 data is processed by the SMIME library calls |
|                |        |and also by the time stamp (TS) library calls. The |
|                |        |TLS implementation in OpenSSL does not call these  |
|                |        |functions however third party applications would be|
|                |        |affected if they call these functions to verify    |
|                |        |signatures on untrusted data.                      |
+----------------+--------+---------------------------------------------------+
|                |5.3 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |In Mosquitto before 2.0.16, excessive memory is    |
|CVE-2023-0809   |AC:L/   |allocated based on malicious initial packets that  |
|                |PR:N/   |are not CONNECT packets.                           |
|                |UI:N/S:U|                                                   |
|                |/C:N/I:N|                                                   |
|                |/A:L )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |There exists a vulnerability causing an abort() to |
|                |7.5 (   |be called in gRPC. The following headers cause     |
|                |CVSS:3.1|gRPC's C++ implementation to abort() when called   |
|                |/AV:N/  |via http2: te: x (x != trailers) :scheme: x (x !=  |
|CVE-2023-1428   |AC:L/   |http, https) grpclb_client_stats: x (x == anything)|
|                |PR:N/   |On top of sending one of those headers, a later    |
|                |UI:N/S:U|header must be sent that gets the total header size|
|                |/C:N/I:N|past 8KB. We recommend upgrading past git commit   |
|                |/A:H )  |2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53  |
|                |        |and above.                                         |
+----------------+--------+---------------------------------------------------+
|                |6.5 (   |A flaw was found in the `/v2/_catalog` endpoint in |
|                |CVSS:3.1|distribution/distribution, which accepts a         |
|                |/AV:N/  |parameter to control the maximum number of records |
|CVE-2023-2253   |AC:L/   |returned (query string: `n`). This vulnerability   |
|                |PR:L/   |allows a malicious user to submit an unreasonably  |
|                |UI:N/S:U|large value for `n`, causing the allocation of a   |
|                |/C:N/I:N|massive string array, possibly causing a denial of |
|                |/A:H )  |service through excessive use of memory.           |
+----------------+--------+---------------------------------------------------+
|                |        |cryptography is a package designed to expose       |
|                |        |cryptographic primitives and recipes to Python     |
|                |6.5 (   |developers. In affected versions                   |
|                |CVSS:3.1|`Cipher.update_into` would accept Python objects   |
|                |/AV:N/  |which implement the buffer protocol, but provide   |
|CVE-2023-23931  |AC:L/   |only immutable buffers. This would allow immutable |
|                |PR:N/   |objects (such as `bytes`) to be mutated, thus      |
|                |UI:N/S:U|violating fundamental rules of Python and resulting|
|                |/C:N/I:L|in corrupted output. This now correctly raises an  |
|                |/A:L )  |exception. This issue has been present since       |
|                |        |`update_into` was originally introduced in         |
|                |        |cryptography 1.8.                                  |
+----------------+--------+---------------------------------------------------+
|                |7.8 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:L/  |A vulnerability was found in libcap. This issue    |
|CVE-2023-2603   |AC:L/   |occurs in the _libcap_strdup() function and can    |
|                |PR:L/   |lead to an integer overflow if the input string is |
|                |UI:N/S:U|close to 4GiB.                                     |
|                |/C:H/I:H|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |Issue summary: Processing some specially crafted   |
|                |        |ASN.1 object identifiers or data containing them   |
|                |        |may be very slow. Impact summary: Applications that|
|                |        |use OBJ_obj2txt() directly, or use any of the      |
|                |        |OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF|
|                |        |or TS with no message size limit may experience    |
|                |        |notable to very long delays when processing those  |
|                |        |messages, which may lead to a Denial of Service. An|
|                |        |OBJECT IDENTIFIER is composed of a series of       |
|                |        |numbers - sub-identifiers - most of which have no  |
|                |        |size limit. OBJ_obj2txt() may be used to translate |
|                |        |an ASN.1 OBJECT IDENTIFIER given in DER encoding   |
|                |        |form (using the OpenSSL type ASN1_OBJECT) to its   |
|                |        |canonical numeric text form, which are the         |
|                |        |sub-identifiers of the OBJECT IDENTIFIER in decimal|
|                |        |form, separated by periods. When one of the        |
|                |        |sub-identifiers in the OBJECT IDENTIFIER is very   |
|                |        |large (these are sizes that are seen as absurdly   |
|                |        |large, taking up tens or hundreds of KiBs), the    |
|                |        |translation to a decimal number in text may take a |
|                |        |very long time. The time complexity is O(n^2) with |
|                |        |'n' being the size of the sub-identifiers in bytes |
|                |6.5 (   |(*). With OpenSSL 3.0, support to fetch            |
|                |CVSS:3.1|cryptographic algorithms using names / identifiers |
|                |/AV:N/  |in string form was introduced. This includes using |
|                |AC:L/   |OBJECT IDENTIFIERs in canonical numeric text form  |
|CVE-2023-2650   |PR:N/   |as identifiers for fetching algorithms. Such OBJECT|
|                |UI:R/S:U|IDENTIFIERs may be received through the ASN.1      |
|                |/C:N/I:N|structure AlgorithmIdentifier, which is commonly   |
|                |/A:H )  |used in multiple protocols to specify what         |
|                |        |cryptographic algorithm should be used to sign or  |
|                |        |verify, encrypt or decrypt, or digest passed data. |
|                |        |Applications that call OBJ_obj2txt() directly with |
|                |        |untrusted data are affected, with any version of   |
|                |        |OpenSSL. If the use is for the mere purpose of     |
|                |        |display, the severity is considered low. In OpenSSL|
|                |        |3.0 and newer, this affects the subsystems OCSP,   |
|                |        |PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts  |
|                |        |anything that processes X.509 certificates,        |
|                |        |including simple things like verifying its         |
|                |        |signature. The impact on TLS is relatively low,    |
|                |        |because all versions of OpenSSL have a 100KiB limit|
|                |        |on the peer's certificate chain. Additionally, this|
|                |        |only impacts clients, or servers that have         |
|                |        |explicitly enabled client authentication. In       |
|                |        |OpenSSL 1.1.1 and 1.0.2, this only affects         |
|                |        |displaying diverse objects, such as X.509          |
|                |        |certificates. This is assumed to not happen in such|
|                |        |a way that it would cause a Denial of Service, so  |
|                |        |these versions are considered not affected by this |
|                |        |issue in such a way that it would be cause for     |
|                |        |concern, and the severity is therefore considered  |
|                |        |low.                                               |
+----------------+--------+---------------------------------------------------+
|                |        |The email module of Python through 3.11.3          |
|                |5.3 (   |incorrectly parses e-mail addresses that contain a |
|                |CVSS:3.1|special character. The wrong portion of an RFC2822 |
|                |/AV:N/  |header is identified as the value of the addr-spec.|
|CVE-2023-27043  |AC:L/   |In some applications, an attacker can bypass a     |
|                |PR:N/   |protection mechanism in which application access is|
|                |UI:N/S:U|granted only after verifying receipt of e-mail to a|
|                |/C:N/I:L|specific domain (e.g., only @company.example.com   |
|                |/A:N )  |addresses may be used for signup). This occurs in  |
|                |        |email/_parseaddr.py in recent versions of Python.  |
+----------------+--------+---------------------------------------------------+
|                |7.5 (   |                                                   |
|                |CVSS:3.1|The broker in Eclipse Mosquitto 1.3.2 through 2.x  |
|                |/AV:N/  |before 2.0.16 has a memory leak that can be abused |
|CVE-2023-28366  |AC:L/   |remotely when a client sends many QoS 2 messages   |
|                |PR:N/   |with duplicate message IDs, and fails to respond to|
|                |UI:N/S:U|PUBREC commands. This occurs because of mishandling|
|                |/C:N/I:N|of EAGAIN from the libc send function.             |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |7.8 (   |                                                   |
|                |CVSS:3.1|ncurses before 6.4 20230408, when used by a setuid |
|                |/AV:L/  |application, allows local users to trigger         |
|CVE-2023-29491  |AC:L/   |security-relevant memory corruption via malformed  |
|                |PR:L/   |data in a terminfo database file that is found in  |
|                |UI:N/S:U|$HOME/.terminfo or reached via the TERMINFO or TERM|
|                |/C:H/I:H|environment variable.                              |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |Requests is an HTTP library. Since Requests 2.3.0, |
|                |        |Requests has been leaking Proxy-Authorization      |
|                |        |headers to destination servers when redirected to  |
|                |        |an HTTPS endpoint. This is a product of how we use |
|                |6.1 (   |`rebuild_proxies` to reattach the                  |
|                |CVSS:3.1|`Proxy-Authorization` header to requests. For HTTP |
|                |/AV:N/  |connections sent through the tunnel, the proxy will|
|                |AC:H/   |identify the header in the request itself and      |
|CVE-2023-32681  |PR:N/   |remove it prior to forwarding to the destination   |
|                |UI:R/S:C|server. However when sent over HTTPS, the          |
|                |/C:H/I:N|`Proxy-Authorization` header must be sent in the   |
|                |/A:N )  |CONNECT request as the proxy has no visibility into|
|                |        |the tunneled request. This results in Requests     |
|                |        |forwarding proxy credentials to the destination    |
|                |        |server unintentionally, allowing a malicious actor |
|                |        |to potentially exfiltrate sensitive information.   |
|                |        |This issue has been patched in version 2.31.0.     |
+----------------+--------+---------------------------------------------------+
|                |        |When gRPC HTTP2 stack raised a header size exceeded|
|                |        |error, it skipped parsing the rest of the HPACK    |
|                |7.5 (   |frame. This caused any HPACK table mutations to    |
|                |CVSS:3.1|also be skipped, resulting in a desynchronization  |
|                |/AV:N/  |of HPACK tables between sender and receiver. If    |
|                |AC:L/   |leveraged, say, between a proxy and a backend, this|
|CVE-2023-32731  |PR:N/   |could lead to requests from the proxy being        |
|                |UI:N/S:U|interpreted as containing headers from different   |
|                |/C:H/I:N|proxy clients - leading to an information leak that|
|                |/A:N )  |can be used for privilege escalation or data       |
|                |        |exfiltration. We recommend upgrading beyond the    |
|                |        |commit contained in https://github.com/grpc/grpc/  |
|                |        |pull/33005                                         |
+----------------+--------+---------------------------------------------------+
|                |5.3 (   |gRPC contains a vulnerability whereby a client can |
|                |CVSS:3.1|cause a termination of connection between an HTTP2 |
|                |/AV:N/  |proxy and a gRPC server: a base64 encoding error   |
|CVE-2023-32732  |AC:L/   |for `-bin` suffixed headers will result in a       |
|                |PR:N/   |disconnection by the gRPC server, but is typically |
|                |UI:N/S:U|allowed by HTTP2 proxies. We recommend upgrading   |
|                |/C:N/I:N|beyond the commit in https://github.com/grpc/grpc/ |
|                |/A:L )  |pull/32309                                         |
+----------------+--------+---------------------------------------------------+
|                |        |Issue summary: Checking excessively long DH keys or|
|                |        |parameters may be very slow. Impact summary:       |
|                |        |Applications that use the functions DH_check(),    |
|                |        |DH_check_ex() or EVP_PKEY_param_check() to check a |
|                |        |DH key or DH parameters may experience long delays.|
|                |        |Where the key or parameters that are being checked |
|                |        |have been obtained from an untrusted source this   |
|                |        |may lead to a Denial of Service. The function      |
|                |        |DH_check() performs various checks on DH           |
|                |        |parameters. One of those checks confirms that the  |
|                |        |modulus ('p' parameter) is not too large. Trying to|
|                |5.3 (   |use a very large modulus is slow and OpenSSL will  |
|                |CVSS:3.1|not normally use a modulus which is over 10,000    |
|                |/AV:N/  |bits in length. However the DH_check() function    |
|                |AC:L/   |checks numerous aspects of the key or parameters   |
|CVE-2023-3446   |PR:N/   |that have been supplied. Some of those checks use  |
|                |UI:N/S:U|the supplied modulus value even if it has already  |
|                |/C:N/I:N|been found to be too large. An application that    |
|                |/A:L )  |calls DH_check() and supplies a key or parameters  |
|                |        |obtained from an untrusted source could be         |
|                |        |vulnerable to a Denial of Service attack. The      |
|                |        |function DH_check() is itself called by a number of|
|                |        |other OpenSSL functions. An application calling any|
|                |        |of those other functions may similarly be affected.|
|                |        |The other functions affected by this are           |
|                |        |DH_check_ex() and EVP_PKEY_param_check(). Also     |
|                |        |vulnerable are the OpenSSL dhparam and pkeyparam   |
|                |        |command line applications when using the '-check'  |
|                |        |option. The OpenSSL SSL/TLS implementation is not  |
|                |        |affected by this issue. The OpenSSL 3.0 and 3.1    |
|                |        |FIPS providers are not affected by this issue.     |
+----------------+--------+---------------------------------------------------+
|                |7.5 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |In Mosquitto before 2.0.16, a memory leak occurs   |
|CVE-2023-3592   |AC:L/   |when clients send v5 CONNECT packets with a will   |
|                |PR:N/   |message that contains invalid property types.      |
|                |UI:N/S:U|                                                   |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |6.5 (   |lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka    |
|                |CVSS:3.1|krb5) before 1.20.2 and 1.21.x before 1.21.1 frees |
|                |/AV:N/  |an uninitialized pointer. A remote authenticated   |
|CVE-2023-36054  |AC:L/   |user can trigger a kadmind crash. This occurs      |
|                |PR:L/   |because _xdr_kadm5_principal_ent_rec does not      |
|                |UI:N/S:U|validate the relationship between n_key_data and   |
|                |/C:N/I:N|the key_data array count.                          |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |9.8 (   |The PKCS#11 feature in ssh-agent in OpenSSH before |
|                |CVSS:3.1|9.3p2 has an insufficiently trustworthy search     |
|                |/AV:N/  |path, leading to remote code execution if an agent |
|CVE-2023-38408  |AC:L/   |is forwarded to an attacker-controlled system.     |
|                |PR:N/   |(Code in /usr/lib is not necessarily safe for      |
|                |UI:N/S:U|loading into ssh-agent.) NOTE: this issue exists   |
|                |/C:H/I:H|because of an incomplete fix for CVE-2016-10009.   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |6.1 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |Text nodes not in the HTML namespace are           |
|CVE-2023-3978   |AC:L/   |incorrectly literally rendered, causing text which |
|                |PR:N/   |should be escaped to not be. This could lead to an |
|                |UI:R/S:C|XSS attack.                                        |
|                |/C:L/I:L|                                                   |
|                |/A:N )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |8.8 (   |                                                   |
|                |CVSS:3.1|kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 |
|                |/AV:N/  |before 1.21.2 has a double free that is reachable  |
|CVE-2023-39975  |AC:L/   |if an authenticated user can trigger an            |
|                |PR:L/   |authorization-data handling failure. Incorrect data|
|                |UI:N/S:U|is copied from one ticket to another.              |
|                |/C:H/I:H|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |An issue was discovered in Python before 3.8.18,   |
|                |        |3.9.x before 3.9.18, 3.10.x before 3.10.13, and    |
|                |        |3.11.x before 3.11.5. It primarily affects servers |
|                |        |(such as HTTP servers) that use TLS client         |
|                |        |authentication. If a TLS server-side socket is     |
|                |5.3 (   |created, receives data into the socket buffer, and |
|                |CVSS:3.1|then is closed quickly, there is a brief window    |
|                |/AV:N/  |where the SSLSocket instance will detect the socket|
|                |AC:L/   |as "not connected" and won't initiate a handshake, |
|CVE-2023-40217  |PR:N/   |but buffered data will still be readable from the  |
|                |UI:N/S:U|socket buffer. This data will not be authenticated |
|                |/C:L/I:N|if the server-side TLS peer is expecting client    |
|                |/A:N )  |certificate authentication, and is                 |
|                |        |indistinguishable from valid TLS stream data. Data |
|                |        |is limited in size to the amount that will fit in  |
|                |        |the buffer. (The TLS connection cannot directly be |
|                |        |used for data exfiltration because the vulnerable  |
|                |        |code path requires that the connection be closed on|
|                |        |initialization of the SSLSocket.)                  |
+----------------+--------+---------------------------------------------------+
|                |9.8 (   |                                                   |
|                |CVSS:3.1|strongSwan before 5.9.12 has a buffer overflow and |
|                |/AV:N/  |possible unauthenticated remote code execution via |
|CVE-2023-41913  |AC:L/   |a DH public value that exceeds the internal buffer |
|                |PR:N/   |in charon-tkm's DH proxy. The earliest affected    |
|                |UI:N/S:U|version is 5.3.0. An attack can occur via a crafted|
|                |/C:H/I:H|IKE_SA_INIT message.                               |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |urllib3 is a user-friendly HTTP client library for |
|                |8.1 (   |Python. urllib3 doesn't treat the `Cookie` HTTP    |
|                |CVSS:3.1|header special or provide any helpers for managing |
|                |/AV:N/  |cookies over HTTP, that is the responsibility of   |
|CVE-2023-43804  |AC:L/   |the user. However, it is possible for a user to    |
|                |PR:L/   |specify a `Cookie` header and unknowingly leak     |
|                |UI:N/S:U|information via HTTP redirects to a different      |
|                |/C:H/I:H|origin if that user doesn't disable redirects      |
|                |/A:N )  |explicitly. This issue has been patched in urllib3 |
|                |        |version 1.26.17 or 2.0.5.                          |
+----------------+--------+---------------------------------------------------+
|                |7.5 (   |                                                   |
|                |CVSS:3.1|The HTTP/2 protocol allows a denial of service     |
|                |/AV:N/  |(server resource consumption) because request      |
|CVE-2023-44487  |AC:L/   |cancellation can reset many streams quickly, as    |
|                |PR:N/   |exploited in the wild in August through October    |
|                |UI:N/S:U|2023.                                              |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |This flaw allows a malicious HTTP server to set    |
|                |        |"super cookies" in curl that are then passed back  |
|                |6.5 (   |to more origins than what is otherwise allowed or  |
|                |CVSS:3.1|possible. This allows a site to set cookies that   |
|                |/AV:N/  |then would get sent to different and unrelated     |
|CVE-2023-46218  |AC:L/   |sites and domains. It could do this by exploiting a|
|                |PR:N/   |mixed case flaw in curl's function that verifies a |
|                |UI:N/S:U|given cookie domain against the Public Suffix List |
|                |/C:L/I:L|(PSL). For example a cookie could be set with      |
|                |/A:N )  |`domain=co.UK` when the URL used a lower case      |
|                |        |hostname `curl.co.uk`, even though `co.uk` is      |
|                |        |listed as a PSL domain.                            |
+----------------+--------+---------------------------------------------------+
|                |7.5 (   |Lack of error handling in the TCP server in        |
|                |CVSS:3.1|Google's gRPC starting version 1.23 on             |
|                |/AV:N/  |posix-compatible platforms (ex. Linux) allows an   |
|CVE-2023-4785   |AC:L/   |attacker to cause a denial of service by initiating|
|                |PR:N/   |a significant number of connections with the       |
|                |UI:N/S:U|server. Note that gRPC C++, Python, and Ruby are   |
|                |/C:N/I:N|affected, but gRPC Java and Go are NOT affected.   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |Issue summary: The POLY1305 MAC (message           |
|                |        |authentication code) implementation contains a bug |
|                |        |that might corrupt the internal state of           |
|                |        |applications on the Windows 64 platform when       |
|                |        |running on newer X86_64 processors supporting the  |
|                |        |AVX512-IFMA instructions. Impact summary: If in an |
|                |        |application that uses the OpenSSL library an       |
|                |        |attacker can influence whether the POLY1305 MAC    |
|                |        |algorithm is used, the application state might be  |
|                |        |corrupted with various application dependent       |
|                |        |consequences. The POLY1305 MAC (message            |
|                |        |authentication code) implementation in OpenSSL does|
|                |        |not save the contents of non-volatile XMM registers|
|                |        |on Windows 64 platform when calculating the MAC of |
|                |        |data larger than 64 bytes. Before returning to the |
|                |        |caller all the XMM registers are set to zero rather|
|                |        |than restoring their previous content. The         |
|                |        |vulnerable code is used only on newer x86_64       |
|                |        |processors supporting the AVX512-IFMA instructions.|
|                |7.8 (   |The consequences of this kind of internal          |
|                |CVSS:3.1|application state corruption can be various - from |
|                |/AV:L/  |no consequences, if the calling application does   |
|                |AC:L/   |not depend on the contents of non-volatile XMM     |
|CVE-2023-4807   |PR:L/   |registers at all, to the worst consequences, where |
|                |UI:N/S:U|the attacker could get complete control of the     |
|                |/C:H/I:H|application process. However given the contents of |
|                |/A:H )  |the registers are just zeroized so the attacker    |
|                |        |cannot put arbitrary values inside, the most likely|
|                |        |consequence, if any, would be an incorrect result  |
|                |        |of some application dependent calculations or a    |
|                |        |crash leading to a denial of service. The POLY1305 |
|                |        |MAC algorithm is most frequently used as part of   |
|                |        |the CHACHA20-POLY1305 AEAD (authenticated          |
|                |        |encryption with associated data) algorithm. The    |
|                |        |most common usage of this AEAD cipher is with TLS  |
|                |        |protocol versions 1.2 and 1.3 and a malicious      |
|                |        |client can influence whether this AEAD cipher is   |
|                |        |used by the server. This implies that server       |
|                |        |applications using OpenSSL can be potentially      |
|                |        |impacted. However we are currently not aware of any|
|                |        |concrete application that would be affected by this|
|                |        |issue therefore we consider this a Low severity    |
|                |        |security issue. As a workaround the AVX512-IFMA    |
|                |        |instructions support can be disabled at runtime by |
|                |        |setting the environment variable OPENSSL_ia32cap:  |
|                |        |OPENSSL_ia32cap=:~0x200000 The FIPS provider is not|
|                |        |affected by this issue.                            |
+----------------+--------+---------------------------------------------------+
|                |        |The SSH transport protocol with certain OpenSSH    |
|                |        |extensions, found in OpenSSH before 9.6 and other  |
|                |        |products, allows remote attackers to bypass        |
|                |        |integrity checks such that some packets are omitted|
|                |        |(from the extension negotiation message), and a    |
|                |        |client and server may consequently end up with a   |
|                |        |connection for which some security features have   |
|                |        |been downgraded or disabled, aka a Terrapin attack.|
|                |        |This occurs because the SSH Binary Packet Protocol |
|                |        |(BPP), implemented by these extensions, mishandles |
|                |        |the handshake phase and mishandles use of sequence |
|                |        |numbers. For example, there is an effective attack |
|                |        |against SSH's use of ChaCha20-Poly1305 (and CBC    |
|                |        |with Encrypt-then-MAC). The bypass occurs in       |
|                |        |chacha20-poly1305@openssh.com and (if CBC is used) |
|                |        |the -etm@openssh.com MAC algorithms. This also     |
|                |5.9 (   |affects Maverick Synergy Java SSH API before       |
|                |CVSS:3.1|3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh      |
|                |/AV:N/  |before 5.1.1 in Erlang/OTP, PuTTY before 0.80,     |
|                |AC:H/   |AsyncSSH before 2.14.2, golang.org/x/crypto before |
|CVE-2023-48795  |PR:N/   |0.17.0, libssh before 0.10.6, libssh2 through      |
|                |UI:N/S:U|1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera |
|                |/C:N/I:H|Term before 5.1, Paramiko before 3.4.0, jsch before|
|                |/A:N )  |0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus  |
|                |        |through 23.09.1, Netgate pfSense CE through 2.7.2, |
|                |        |HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and |
|                |        |before 1.3.9rc2), ORYX CycloneSSH before 2.3.4,    |
|                |        |NetSarang XShell 7 before Build 0144, CrushFTP     |
|                |        |before 10.6.0, ConnectBot SSH library before       |
|                |        |2.2.22, Apache MINA sshd through 2.11.0, sshj      |
|                |        |through 0.37.0, TinySSH through 20230101,          |
|                |        |trilead-ssh2 6401, LANCOM LCOS and LANconfig,      |
|                |        |FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH|
|                |        |before 14.4, SecureCRT before 9.4.3, Transmit5     |
|                |        |before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta,|
|                |        |WinSCP before 6.2.2, Bitvise SSH Server before     |
|                |        |9.32, Bitvise SSH Client before 9.33, KiTTY through|
|                |        |0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the     |
|                |        |mscdex ssh2 module before 1.15.0 for Node.js, the  |
|                |        |thrussh library before 0.35.1 for Rust, and the    |
|                |        |Russh crate before 0.40.2 for Rust.                |
+----------------+--------+---------------------------------------------------+
|                |        |cryptography is a package designed to expose       |
|                |7.5 (   |cryptographic primitives and recipes to Python     |
|                |CVSS:3.1|developers. Calling `load_pem_pkcs7_certificates`  |
|                |/AV:N/  |or `load_der_pkcs7_certificates` could lead to a   |
|                |AC:L/   |NULL-pointer dereference and segfault. Exploitation|
|CVE-2023-49083  |PR:N/   |of this vulnerability poses a serious risk of      |
|                |UI:N/S:U|Denial of Service (DoS) for any application        |
|                |/C:N/I:N|attempting to deserialize a PKCS7 blob/certificate.|
|                |/A:H )  |The consequences extend to potential disruptions in|
|                |        |system availability and stability. This            |
|                |        |vulnerability has been patched in version 41.0.6.  |
+----------------+--------+---------------------------------------------------+
|                |7.5 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |A flaw was found in the GNU C Library. A recent fix|
|CVE-2023-5156   |AC:L/   |for CVE-2023-4806 introduced the potential for a   |
|                |PR:N/   |memory leak, which may result in an application    |
|                |UI:N/S:U|crash.                                             |
|                |/C:N/I:N|                                                   |
|                |/A:H )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |5.9 (   |                                                   |
|                |CVSS:3.1|                                                   |
|                |/AV:N/  |A vulnerability was found that the response times  |
|CVE-2023-5981   |AC:H/   |to malformed ciphertexts in RSA-PSK                |
|                |PR:N/   |ClientKeyExchange differ from response times of    |
|                |UI:N/S:U|ciphertexts with correct PKCS#1 v1.5 padding.      |
|                |/C:H/I:N|                                                   |
|                |/A:N )  |                                                   |
+----------------+--------+---------------------------------------------------+
|                |        |The Use of a Hard-coded Cryptographic Key          |
|                |        |vulnerability in Juniper Networks Juniper Cloud    |
|                |        |Native Router (JCNR) and containerized routing     |
|                |        |Protocol Daemon (cRPD) products allows an attacker |
|CVE-2024-30407  |        |to perform Person-in-the-Middle (PitM) attacks     |
|                |        |which results in complete compromise of the        |
|                |        |container. Due to hardcoded SSH host keys being    |
|                |        |present on the container, a PitM attacker can      |
|                |        |intercept SSH traffic without being detected.      |
+----------------+--------+---------------------------------------------------+
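
The CVE-2023-46218 entry above describes a case-sensitivity mistake in the Public Suffix List (PSL) lookup. The following is an added illustration, not curl's code: it shows the flawed comparison beside the corrected one against a tiny constructed stand-in for the PSL (curl itself uses libpsl), so the `domain=co.UK` / `curl.co.uk` case from the description can be checked directly.

```python
"""Added example (not curl's code): the PSL case-handling flaw behind
CVE-2023-46218, with the vulnerable check beside the corrected one.

Assumption: PUBLIC_SUFFIXES is a constructed subset of the real Public
Suffix List, which is published in lower case.
"""

# Constructed subset of the Public Suffix List (real list is lower-case).
PUBLIC_SUFFIXES = {"com", "co.uk", "uk", "github.io"}


def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 domain-match: host equals the domain or ends with '.' + domain."""
    return host == cookie_domain or host.endswith("." + cookie_domain)


def is_public_suffix_vulnerable(cookie_domain: str) -> bool:
    """Flawed check: case-sensitive lookup, so 'co.UK' is not found in the list."""
    return cookie_domain.lstrip(".") in PUBLIC_SUFFIXES


def is_public_suffix_fixed(cookie_domain: str) -> bool:
    """Corrected check: cookie domains are case-insensitive, so normalise first."""
    return cookie_domain.lstrip(".").lower() in PUBLIC_SUFFIXES


def accept_cookie_domain(host: str, cookie_domain: str, fixed: bool = True) -> bool:
    """Return True if a Set-Cookie 'domain=' attribute sent by `host` may be honoured.

    A cookie scoped to a public suffix would be sent to every site under that
    suffix (a "super cookie"), so such a domain must be refused regardless of
    the letter case the server used.
    """
    host = host.lower()
    dom = cookie_domain.lstrip(".")
    check = is_public_suffix_fixed if fixed else is_public_suffix_vulnerable
    if check(dom):
        return False
    # The domain-match itself was already case-insensitive; only the PSL
    # lookup was not, which is why the mixed-case value slipped through.
    return domain_matches(host, dom.lower())
```

With `fixed=False` the `co.UK` cookie from `curl.co.uk` is accepted and would be sent to every `.co.uk` site; with the corrected lookup it is refused.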

Solution:

The following software releases have been updated to resolve these specific
issues: cRPD 23.4R1, and all subsequent releases.

Note: Juniper SIRT's policy is not to evaluate releases which are beyond End of
Engineering (EOE) or End of Life (EOL).

Workaround:

There are no known workarounds for these issues except for CVE-2024-30407.

For CVE-2024-30407:
Remove the hard-coded keys using:

"rm -rf /etc/ssh/ssh_host_*"

and then run

"ssh-keygen -A"

to generate new host keys.
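
After applying the workaround for CVE-2024-30407, a practitioner will want to confirm that no two instances still present the same host key and that the regenerated keys really differ from the baked-in ones. The following added example (not Juniper's or cRPD's code) computes ssh-keygen-style SHA256 fingerprints from the `ssh_host_*.pub` lines collected from each container and reports any fingerprint shared across instances; the key material in it is constructed, not real cRPD key data.

```python
"""Added example (not Juniper's or cRPD's code): detect SSH host keys shared
across cRPD instances (the condition behind CVE-2024-30407) and verify that
the 'rm ... && ssh-keygen -A' workaround produced fresh keys.

Assumptions: inputs are OpenSSH one-line public keys ('<type> <base64> [comment]')
as found in /etc/ssh/ssh_host_*.pub; all key material below is constructed.
"""
import base64
import hashlib
from collections import defaultdict
from typing import Dict, List


def ssh_fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint in the 'SHA256:<unpadded base64>' form ssh-keygen -l prints.

    ssh-keygen hashes the decoded key blob (second field), not the text line.
    """
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(keys_by_host: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Map fingerprint -> hosts presenting it, for fingerprints seen on >1 host.

    Any entry means the key is not unique to that instance, which is exactly
    what lets a PitM attacker impersonate the container without detection.
    """
    seen = defaultdict(set)
    for host, lines in keys_by_host.items():
        for line in lines:
            seen[ssh_fingerprint(line)].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}


def keys_rotated(before: List[str], after: List[str]) -> bool:
    """True if no pre-rotation fingerprint survives the regeneration."""
    old = {ssh_fingerprint(k) for k in before}
    new = {ssh_fingerprint(k) for k in after}
    return not (old & new)


def _fake_key(seed: bytes) -> str:
    """Constructed ed25519-shaped public key line: blob = type string + 32 bytes."""
    ktype = b"ssh-ed25519"
    body = hashlib.sha256(seed).digest()  # 32 bytes standing in for a key
    blob = (len(ktype).to_bytes(4, "big") + ktype
            + len(body).to_bytes(4, "big") + body)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


# Constructed scenario: two containers from the same image share a baked-in key.
BAKED_IN = _fake_key(b"image-default")
CONTAINERS = {
    "crpd-a": [BAKED_IN],
    "crpd-b": [BAKED_IN],
    "crpd-c": [_fake_key(b"unique-c")],
}

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(CONTAINERS).items():
        print(f"{fp} shared by {', '.join(hosts)}: regenerate with ssh-keygen -A")
    print("rotation ok:", keys_rotated([BAKED_IN], [_fake_key(b"fresh-a")]))
```

Feed `shared_host_keys` the `.pub` files gathered from every cRPD container in a fleet; an empty result after regeneration is the confirmation the workaround took effect.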

Modification History:

  o 2024-04-10 - Initial Publication

Related Information:

  o KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin
    Publication Process
  o KB16765: In which releases are vulnerabilities fixed?
  o KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
    Advisories
  o Report a Security Vulnerability - How to Contact the Juniper Networks
    Security Incident Response Team

Last Updated: 2024-04-10
Created:      2024-04-10

- --------------------------END INCLUDED TEXT----------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================