CVE-2022-3510 |
Publication date
|
2022-Nov-11
|
Title
|
Parsing issue in protobuf message-type extension
|
Description
|
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions, in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
|
CVSS
|
7.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
Products impacted by versions
|
Protobuf-Java and JavaLite < 3.21.7
Protobuf-Java and JavaLite < 3.20.3
Protobuf-Java and JavaLite < 3.19.6
Protobuf-Java and JavaLite < 3.16.3
|
References
|
|
Credit
|
No credit available
|
|
CVE-2022-3509 |
Publication date
|
2022-Nov-01
|
Title
|
Parsing issue in protobuf textformat
|
Description
|
A parsing issue similar to CVE-2022-3171, but with TextFormat, in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
|
CVSS
|
7.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
Products impacted by versions
|
Protobuf-Java and JavaLite < 3.21.7
Protobuf-Java and JavaLite < 3.20.3
Protobuf-Java and JavaLite < 3.19.6
Protobuf-Java and JavaLite < 3.16.3
|
References
|
|
Credit
|
No credit available
|
|
CVE-2022-3095 |
Publication date
|
2022-Oct-27
|
Title
|
Incorrect parsing of the backslash characters in Dart library
|
Description
|
The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WHATWG URL Standard. Dart uses the RFC 3986 syntax, which creates incompatibilities in how '\' characters in URIs are handled and can lead to auth bypass in web apps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue.
|
CVSS
|
9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Products impacted by versions
|
Dart < 2.18.2
Dart < 3.3.3
|
References
|
|
Credit
|
Sohom Datta, Cryptonite, MIT Manipal
|
|
CVE-2022-3474 |
Publication date
|
2022-Oct-26
|
Title
|
Bazel leaks user credentials through the remote assets API
|
Description
|
Bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the ones required for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3.
|
CVSS
|
3.5 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
Products impacted by versions
|
Bazel < 5.3.2
Bazel < 4.2.3
Bazel > 3.0.0
|
References
|
|
Credit
|
|
|
CVE-2022-3171 |
Publication date
|
2022-Oct-24
|
Title
|
Memory handling vulnerability in ProtocolBuffers Java core and lite
|
Description
|
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
|
CVSS
|
4.3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
Products impacted by versions
|
Protocolbuffers < 3.21.7
Protocolbuffers < 3.20.3
Protocolbuffers < 3.19.6
Protocolbuffers < 3.16.3
|
References
|
|
Credit
|
No credit available
|
|
CVE-2022-1941 |
Publication date
|
2022-Sep-22
|
Title
|
Out of Memory issue in ProtocolBuffers for cpp and python
|
Description
|
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.
|
CVSS
|
5.7
|
Products impacted by versions
|
protobuf-cpp <= 3.16.1
protobuf-cpp <= 3.17.3
protobuf-cpp <= 3.18.2
protobuf-cpp <= 3.19.4
protobuf-cpp <= 3.20.1
protobuf-cpp <= 3.21.5
protobuf-python <= 3.16.1
protobuf-python <= 3.17.3
protobuf-python <= 3.18.2
protobuf-python <= 3.19.4
protobuf-python <= 3.20.1
protobuf-python <= 4.21.5
|
References
|
|
Credit
|
|
|
CVE-2022-1798 |
Publication date
|
2022-Sep-15
|
Title
|
Path Traversal vulnerability in Kubevirt
|
Description
|
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user who is able to configure KubeVirt to read arbitrary files on the host filesystem that are publicly readable or readable by UID 107 or GID 107. /proc/self/<> is not accessible.
|
CVSS
|
8.7
|
Products impacted by versions
|
Kubevirt < 0.55.1
Kubevirt < 0.56.0
|
References
|
|
Credit
|
Oliver Brooks and James Klopchic of NCC Group
Diane Dubois and Roman Mohr of Google
|
|
CVE-2022-0882 |
Publication date
|
2022-May-05
|
Title
|
Illegal access to Kernel log in Fuchsia
|
Description
|
A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater.
|
CVSS
|
5.3
|
Products impacted by versions
|
Fuchsia Kernel < 4.1.1
|
References
|
|
Credit
|
No credit available
|
|
CVE-2022-0343 |
Publication date
|
2022-Mar-29
|
Title
|
Local Privilege escalation in Perfetto Dev scripts
|
Description
|
A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) has manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2.
|
CVSS
|
3.3
|
Products impacted by versions
|
Perfetto Dev Scripts <= 24.2
|
References
|
|
Credit
|
No credit available
|
|
CVE-2022-25326 |
Publication date
|
2022-Feb-25
|
Title
|
Denial of Service in fscrypt
|
Description
|
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.
|
CVSS
|
5.5
|
Products impacted by versions
|
fscrypt <= 0.3.2
|
References
|
|
Credit
|
Matthias Gerstner of SUSE
|
|
CVE-2022-25327 |
Publication date
|
2022-Feb-25
|
Title
|
Local Denial of Service in fscrypt PAM module
|
Description
|
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating an fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above.
|
CVSS
|
5.5
|
Products impacted by versions
|
fscrypt <= 0.3.2
|
References
|
|
Credit
|
Matthias Gerstner of SUSE
|
|
CVE-2022-25328 |
Publication date
|
2022-Feb-25
|
Title
|
Privilege escalation through command injection in fscrypt
|
Description
|
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above.
|
CVSS
|
5
|
Products impacted by versions
|
fscrypt <= 0.3.2
|
References
|
|
Credit
|
Matthias Gerstner of SUSE
|
|
CVE-2022-0451 |
Publication date
|
2022-Feb-18
|
Title
|
Auth bypass in Dart SDK
|
Description
|
The Dart SDK contains the HttpClient class in the dart:io library, which includes authorization headers when handling cross-origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with an authorization header and it redirects to an attacker's site, the sender might not expect the attacker's site to receive the authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond.
|
CVSS
|
6.5
|
Products impacted by versions
|
Dart SDK < 2.16.0
|
References
|
|
Credit
|
No credit available
|
|
CVE-2022-0317 |
Publication date
|
2022-Jan-31
|
Title
|
Improper Input Validation in AKPublic.Verify in go-attestation
|
Description
|
An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the authentication performed by quote verification, meaning a local attacker could couple this vulnerability with a maliciously-crafted TCG log in Eventlog.Verify to spoof events in the TCG log, hence defeating remotely-attested measured-boot. We recommend upgrading to Version 0.4.0 or above.
|
CVSS
|
4
|
Products impacted by versions
|
go-attestation < 0.4.0
|
References
|
|
Credit
|
Nikki VonHollen
|
|
CVE-2022-0247 |
Publication date
|
2022-Jan-25
|
Title
|
Write access to VMO data through copy-on-write in Fuchsia
|
Description
|
An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to modify. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions.
|
CVSS
|
7.5
|
Products impacted by versions
|
Fuchsia < 4.1
|
References
|
|
Credit
|
No credit available
|
|