Vulnerability-Lookup

CVE-2023-0330 (GCVE-0-2023-0330)

Vulnerability from cvelistv5 – Published: 2023-03-06 00:00 – Updated: 2024-08-02 05:10

Title

Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow

Summary

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

fedora

References

URL

	Vendor	Product	Version
			Unaffected: 8.1.0-rc0 , < * (semver)

GHSA-FJ3C-GQ42-693W

Vulnerability from github – Published: 2023-03-07 00:30 – Updated: 2024-04-19 15:30

Details

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-0330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-06T23:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.",
  "id": "GHSA-fj3c-gq42-693w",
  "modified": "2024-04-19T15:30:45Z",
  "published": "2023-03-07T00:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0330"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0330"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2023-0330

Vulnerability from fkie_nvd - Published: 2023-03-06 23:15 - Updated: 2024-11-21 07:36

Severity ?

5.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Summary

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

References

URL	Tags
patrick@puiterwijk.org	https://access.redhat.com/security/cve/CVE-2023-0330
patrick@puiterwijk.org	https://bugzilla.redhat.com/show_bug.cgi?id=2160151
patrick@puiterwijk.org	https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html	Mailing List, Third Party Advisory
patrick@puiterwijk.org	https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html	Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2023-0330
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=2160151
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html	Mailing List, Patch

Impacted products

Vendor	Product	Version
qemu	qemu	*
qemu	qemu	8.0.0
qemu	qemu	8.0.0
qemu	qemu	8.0.0
qemu	qemu	8.0.0
qemu	qemu	8.0.0
qemu	qemu	8.0.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72474BA6-A129-4FF4-AFC2-4FA8E2C41522",
              "versionEndExcluding": "7.2.3",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:8.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A4811446-5D11-4E60-ACF6-13032588117D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "FEDCD75C-FA8E-4128-955B-E1492B0C384A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62E291F3-5469-433B-A725-A1A4C421C55E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "73834774-A560-43C5-B1D5-F9F37B81B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "71FAF71E-3DE5-4B90-92B4-12CCF74A4D69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "0561171B-A1FB-4E6D-B6BE-DF61F7F2254E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free."
    }
  ],
  "id": "CVE-2023-0330",
  "lastModified": "2024-11-21T07:36:59.077",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 4.0,
        "source": "patrick@puiterwijk.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-06T23:15:11.457",
  "references": [
    {
      "source": "patrick@puiterwijk.org",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0330"
    },
    {
      "source": "patrick@puiterwijk.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151"
    },
    {
      "source": "patrick@puiterwijk.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
    },
    {
      "source": "patrick@puiterwijk.org",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html"
    }
  ],
  "sourceIdentifier": "patrick@puiterwijk.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "patrick@puiterwijk.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2024-AVI-0119

Vulnerability from certfr_avis - Published: 2024-02-13 - Updated: 2024-02-13

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une élévation de privilèges et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) versions antérieures à V2.4
Siemens	N/A	SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à V2.4
Siemens	N/A	SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) versions antérieures à V2.4
Siemens	N/A	Simcenter Femap versions antérieures à V2401.0000
Siemens	N/A	SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) versions antérieures à V2.4
Siemens	N/A	Parasolid V36.0 versions antérieures à V36.0.198
Siemens	N/A	SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) versions antérieures à V2.4
Siemens	N/A	SCALANCE SC646-2C (6GK5646-2GS00-2AC2) versions antérieures à V3.1
Siemens	N/A	SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) versions antérieures à V2.4
Siemens	N/A	SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) versions antérieures à V2.4
Siemens	N/A	SCALANCE SC636-2C (6GK5636-2GS00-2AC2) versions antérieures à V3.1
Siemens	N/A	Location Intelligence SUS Small (9DE5110-8CA11-1BX0) versions antérieures à V4.3
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 SP2 Update 15
Siemens	N/A	SINEC NMS versions antérieures à V2.0 SP1
Siemens	N/A	SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) versions antérieures à V2.4
Siemens	N/A	SIMATIC WinCC V8.0 versions antérieures à V8.0 SP4
Siemens	N/A	SIDIS Prime versions antérieures à V4.0.400
Siemens	N/A	SCALANCE XCH328 (6GK5328-4TS01-2EC2) versions antérieures à V2.4
Siemens	N/A	Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) versions antérieures à V4.3
Siemens	N/A	SCALANCE SC642-2C (6GK5642-2GS00-2AC2) versions antérieures à V3.1
Siemens	N/A	SCALANCE XCM324 (6GK5324-8TS01-2AC2) versions antérieures à V2.4
Siemens	N/A	Parasolid V35.1 versions antérieures à V35.1.252
Siemens	N/A	Tecnomatix Plant Simulation V2201 versions antérieures à V2201.0012
Siemens	N/A	RUGGEDCOM APE1808 avec Nozomi Guardian / CMC antérieures à 23.3.0
Siemens	N/A	Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) versions antérieures à V4.3
Siemens	N/A	SCALANCE SC632-2C (6GK5632-2GS00-2AC2) versions antérieures à V3.1
Siemens	N/A	Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) versions antérieures à V4.3
Siemens	N/A	Location Intelligence SUS Large (9DE5110-8CA13-1BX0) versions antérieures à V4.3
Siemens	N/A	SCALANCE XCM328 (6GK5328-4TS01-2AC2) versions antérieures à V2.4
Siemens	N/A	SCALANCE SC626-2C (6GK5626-2GS00-2AC2) versions antérieures à V3.1
Siemens	N/A	Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) versions antérieures à V4.3
Siemens	N/A	Tecnomatix Plant Simulation V2302 versions antérieures à V2302.0006
Siemens	N/A	Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) versions antérieures à V4.3
Siemens	N/A	SCALANCE SC622-2C (6GK5622-2GS00-2AC2) versions antérieures à V3.1
Siemens	N/A	Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) versions antérieures à V4.3
Siemens	N/A	Parasolid V35.0 versions antérieures à V35.0.263

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-000072 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-602936 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-647068 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-943925 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-753746 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-806742 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-580228 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-716164 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-797296 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-108696 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-871717 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-516818 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-017796 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-543502 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-665034 du 13 février 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter Femap versions ant\u00e9rieures \u00e0 V2401.0000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V36.0 versions ant\u00e9rieures \u00e0 V36.0.198",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence SUS Small (9DE5110-8CA11-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP2 Update 15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 V2.0 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V8.0 versions ant\u00e9rieures \u00e0 V8.0 SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIDIS Prime versions ant\u00e9rieures \u00e0 V4.0.400",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCH328 (6GK5328-4TS01-2EC2) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM324 (6GK5324-8TS01-2AC2) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V35.1 versions ant\u00e9rieures \u00e0 V35.1.252",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix Plant Simulation V2201 versions ant\u00e9rieures \u00e0 V2201.0012",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM APE1808 avec Nozomi Guardian / CMC ant\u00e9rieures \u00e0 23.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence SUS Large (9DE5110-8CA13-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM328 (6GK5328-4TS01-2AC2) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC626-2C (6GK5626-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix Plant Simulation V2302 versions ant\u00e9rieures \u00e0 V2302.0006",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V35.0 versions ant\u00e9rieures \u00e0 V35.0.263",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2023-49691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49691"
    },
    {
      "name": "CVE-2022-46393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46393"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2022-41556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41556"
    },
    {
      "name": "CVE-2023-3316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
    },
    {
      "name": "CVE-2023-3006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3006"
    },
    {
      "name": "CVE-2023-51440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51440"
    },
    {
      "name": "CVE-2023-23946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23946"
    },
    {
      "name": "CVE-2023-28466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
    },
    {
      "name": "CVE-2023-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
    },
    {
      "name": "CVE-2023-30772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30772"
    },
    {
      "name": "CVE-2023-45622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45622"
    },
    {
      "name": "CVE-2023-44321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44321"
    },
    {
      "name": "CVE-2022-29162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29162"
    },
    {
      "name": "CVE-2023-30585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30585"
    },
    {
      "name": "CVE-2024-23803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23803"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2023-44317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
    },
    {
      "name": "CVE-2023-38199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38199"
    },
    {
      "name": "CVE-2022-36760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
    },
    {
      "name": "CVE-2022-47629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47629"
    },
    {
      "name": "CVE-2023-29404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
    },
    {
      "name": "CVE-2023-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
    },
    {
      "name": "CVE-2021-45451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45451"
    },
    {
      "name": "CVE-2022-26691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26691"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2023-37920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
    },
    {
      "name": "CVE-2023-30583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30583"
    },
    {
      "name": "CVE-2021-36369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36369"
    },
    {
      "name": "CVE-2023-25727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25727"
    },
    {
      "name": "CVE-2023-30086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
    },
    {
      "name": "CVE-2022-41409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
    },
    {
      "name": "CVE-2023-3390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
    },
    {
      "name": "CVE-2023-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0330"
    },
    {
      "name": "CVE-2023-2002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
    },
    {
      "name": "CVE-2024-23812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23812"
    },
    {
      "name": "CVE-2023-26965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2023-45617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45617"
    },
    {
      "name": "CVE-2023-31124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
    },
    {
      "name": "CVE-2024-24925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24925"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2024-22042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22042"
    },
    {
      "name": "CVE-2023-50236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50236"
    },
    {
      "name": "CVE-2022-23521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23521"
    },
    {
      "name": "CVE-2023-40283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
    },
    {
      "name": "CVE-2022-41715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
    },
    {
      "name": "CVE-2022-28739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
    },
    {
      "name": "CVE-2022-41903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41903"
    },
    {
      "name": "CVE-2023-23934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
    },
    {
      "name": "CVE-2022-4904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-35788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2024-23816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23816"
    },
    {
      "name": "CVE-2022-3515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
    },
    {
      "name": "CVE-2023-1393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1393"
    },
    {
      "name": "CVE-2006-20001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
    },
    {
      "name": "CVE-2022-36021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36021"
    },
    {
      "name": "CVE-2022-39189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
    },
    {
      "name": "CVE-2024-24922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24922"
    },
    {
      "name": "CVE-2022-38725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38725"
    },
    {
      "name": "CVE-2024-24923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24923"
    },
    {
      "name": "CVE-2022-39260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39260"
    },
    {
      "name": "CVE-2022-29862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29862"
    },
    {
      "name": "CVE-2024-23800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23800"
    },
    {
      "name": "CVE-2023-39417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
    },
    {
      "name": "CVE-2023-28322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
    },
    {
      "name": "CVE-2023-29405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
    },
    {
      "name": "CVE-2022-3437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3437"
    },
    {
      "name": "CVE-2020-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
    },
    {
      "name": "CVE-2022-4743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4743"
    },
    {
      "name": "CVE-2023-1989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
    },
    {
      "name": "CVE-2022-28738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28738"
    },
    {
      "name": "CVE-2023-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
    },
    {
      "name": "CVE-2023-3247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3247"
    },
    {
      "name": "CVE-2023-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
    },
    {
      "name": "CVE-2023-32559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32559"
    },
    {
      "name": "CVE-2023-0494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0494"
    },
    {
      "name": "CVE-2023-35828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35828"
    },
    {
      "name": "CVE-2022-37797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37797"
    },
    {
      "name": "CVE-2022-32148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2023-31084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31084"
    },
    {
      "name": "CVE-2023-3090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
    },
    {
      "name": "CVE-2022-45919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
    },
    {
      "name": "CVE-2024-24921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24921"
    },
    {
      "name": "CVE-2023-28320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
    },
    {
      "name": "CVE-2023-45625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45625"
    },
    {
      "name": "CVE-2023-3611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
    },
    {
      "name": "CVE-2023-4128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
    },
    {
      "name": "CVE-2023-31436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31436"
    },
    {
      "name": "CVE-2023-32558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32558"
    },
    {
      "name": "CVE-2023-2194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2194"
    },
    {
      "name": "CVE-2023-33203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
    },
    {
      "name": "CVE-2022-41861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41861"
    },
    {
      "name": "CVE-2024-23813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23813"
    },
    {
      "name": "CVE-2022-34918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34918"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2024-23802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23802"
    },
    {
      "name": "CVE-2021-43666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43666"
    },
    {
      "name": "CVE-2023-22490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22490"
    },
    {
      "name": "CVE-2023-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0568"
    },
    {
      "name": "CVE-2024-23798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23798"
    },
    {
      "name": "CVE-2023-28319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
    },
    {
      "name": "CVE-2023-32003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32003"
    },
    {
      "name": "CVE-2023-1859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1859"
    },
    {
      "name": "CVE-2023-48363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48363"
    },
    {
      "name": "CVE-2022-1015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1015"
    },
    {
      "name": "CVE-2023-32004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32004"
    },
    {
      "name": "CVE-2023-44320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44320"
    },
    {
      "name": "CVE-2022-29187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29187"
    },
    {
      "name": "CVE-2023-3111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3111"
    },
    {
      "name": "CVE-2023-28709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
    },
    {
      "name": "CVE-2023-30587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30587"
    },
    {
      "name": "CVE-2023-30589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30589"
    },
    {
      "name": "CVE-2022-46392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46392"
    },
    {
      "name": "CVE-2023-28487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
    },
    {
      "name": "CVE-2023-1670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1670"
    },
    {
      "name": "CVE-2023-31489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31489"
    },
    {
      "name": "CVE-2023-32005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32005"
    },
    {
      "name": "CVE-2023-45618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45618"
    },
    {
      "name": "CVE-2023-20593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
    },
    {
      "name": "CVE-2024-23810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23810"
    },
    {
      "name": "CVE-2023-30582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30582"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2022-41862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
    },
    {
      "name": "CVE-2019-19135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19135"
    },
    {
      "name": "CVE-2022-28737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28737"
    },
    {
      "name": "CVE-2023-31147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
    },
    {
      "name": "CVE-2022-45142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45142"
    },
    {
      "name": "CVE-2023-22742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22742"
    },
    {
      "name": "CVE-2022-2586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
    },
    {
      "name": "CVE-2022-36227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
    },
    {
      "name": "CVE-2023-27522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
    },
    {
      "name": "CVE-2022-37454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
    },
    {
      "name": "CVE-2022-48434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48434"
    },
    {
      "name": "CVE-2023-25155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25155"
    },
    {
      "name": "CVE-2023-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0160"
    },
    {
      "name": "CVE-2023-5253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5253"
    },
    {
      "name": "CVE-2023-27535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
    },
    {
      "name": "CVE-2022-42919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42919"
    },
    {
      "name": "CVE-2023-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49125"
    },
    {
      "name": "CVE-2021-3445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3445"
    },
    {
      "name": "CVE-2023-30581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30581"
    },
    {
      "name": "CVE-2023-45627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45627"
    },
    {
      "name": "CVE-2023-29406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
    },
    {
      "name": "CVE-2023-30584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30584"
    },
    {
      "name": "CVE-2024-23801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23801"
    },
    {
      "name": "CVE-2024-24924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24924"
    },
    {
      "name": "CVE-2022-4744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
    },
    {
      "name": "CVE-2023-35945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
    },
    {
      "name": "CVE-2023-36664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36664"
    },
    {
      "name": "CVE-2023-21255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21255"
    },
    {
      "name": "CVE-2023-1990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1990"
    },
    {
      "name": "CVE-2022-41717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
    },
    {
      "name": "CVE-2021-4037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4037"
    },
    {
      "name": "CVE-2023-28321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
    },
    {
      "name": "CVE-2023-36617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36617"
    },
    {
      "name": "CVE-2023-38559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38559"
    },
    {
      "name": "CVE-2023-35824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
    },
    {
      "name": "CVE-2023-45616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45616"
    },
    {
      "name": "CVE-2023-45624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45624"
    },
    {
      "name": "CVE-2023-45614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45614"
    },
    {
      "name": "CVE-2023-35823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
    },
    {
      "name": "CVE-2023-46120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46120"
    },
    {
      "name": "CVE-2023-30586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30586"
    },
    {
      "name": "CVE-2023-30588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30588"
    },
    {
      "name": "CVE-2023-1380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1380"
    },
    {
      "name": "CVE-2023-3776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
    },
    {
      "name": "CVE-2023-44319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44319"
    },
    {
      "name": "CVE-2022-2880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
    },
    {
      "name": "CVE-2024-23811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23811"
    },
    {
      "name": "CVE-2023-35789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35789"
    },
    {
      "name": "CVE-2023-25153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2024-22043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22043"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2023-4194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4194"
    },
    {
      "name": "CVE-2023-39418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39418"
    },
    {
      "name": "CVE-2023-2454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
    },
    {
      "name": "CVE-2023-27534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
    },
    {
      "name": "CVE-2023-27536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
    },
    {
      "name": "CVE-2023-2269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2269"
    },
    {
      "name": "CVE-2022-29154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
    },
    {
      "name": "CVE-2023-27533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
    },
    {
      "name": "CVE-2023-26081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26081"
    },
    {
      "name": "CVE-2022-34903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
    },
    {
      "name": "CVE-2023-44322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44322"
    },
    {
      "name": "CVE-2023-32573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
    },
    {
      "name": "CVE-2023-34969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
    },
    {
      "name": "CVE-2023-45619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45619"
    },
    {
      "name": "CVE-2023-48364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48364"
    },
    {
      "name": "CVE-2023-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3863"
    },
    {
      "name": "CVE-2022-24834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24834"
    },
    {
      "name": "CVE-2023-30590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30590"
    },
    {
      "name": "CVE-2023-27538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
    },
    {
      "name": "CVE-2023-36054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2023-25690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
    },
    {
      "name": "CVE-2022-1348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1348"
    },
    {
      "name": "CVE-2023-2861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2861"
    },
    {
      "name": "CVE-2023-25588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25588"
    },
    {
      "name": "CVE-2023-1255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
    },
    {
      "name": "CVE-2023-3141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3141"
    },
    {
      "name": "CVE-2023-34872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34872"
    },
    {
      "name": "CVE-2023-30456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30456"
    },
    {
      "name": "CVE-2023-0567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0567"
    },
    {
      "name": "CVE-2024-23799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23799"
    },
    {
      "name": "CVE-2021-3638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3638"
    },
    {
      "name": "CVE-2023-34256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34256"
    },
    {
      "name": "CVE-2024-23796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23796"
    },
    {
      "name": "CVE-2022-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
    },
    {
      "name": "CVE-2023-2455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
    },
    {
      "name": "CVE-2023-3301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3301"
    },
    {
      "name": "CVE-2023-0662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0662"
    },
    {
      "name": "CVE-2023-3212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
    },
    {
      "name": "CVE-2023-35001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
    },
    {
      "name": "CVE-2022-44370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44370"
    },
    {
      "name": "CVE-2023-45620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45620"
    },
    {
      "name": "CVE-2023-34035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34035"
    },
    {
      "name": "CVE-2022-41860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41860"
    },
    {
      "name": "CVE-2024-23795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23795"
    },
    {
      "name": "CVE-2023-45615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45615"
    },
    {
      "name": "CVE-2022-29536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29536"
    },
    {
      "name": "CVE-2023-49692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49692"
    },
    {
      "name": "CVE-2022-23471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
    },
    {
      "name": "CVE-2020-1967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1967"
    },
    {
      "name": "CVE-2023-22745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22745"
    },
    {
      "name": "CVE-2022-3294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3294"
    },
    {
      "name": "CVE-2023-32006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32006"
    },
    {
      "name": "CVE-2023-24538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
    },
    {
      "name": "CVE-2023-2975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
    },
    {
      "name": "CVE-2023-45621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45621"
    },
    {
      "name": "CVE-2024-23804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23804"
    },
    {
      "name": "CVE-2022-41723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
    },
    {
      "name": "CVE-2020-11896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11896"
    },
    {
      "name": "CVE-2023-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
    },
    {
      "name": "CVE-2023-44373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
    },
    {
      "name": "CVE-2023-41080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
    },
    {
      "name": "CVE-2023-45626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45626"
    },
    {
      "name": "CVE-2023-1206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
    },
    {
      "name": "CVE-2022-37436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
    },
    {
      "name": "CVE-2024-23797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23797"
    },
    {
      "name": "CVE-2023-29402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
    },
    {
      "name": "CVE-2023-31130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
    },
    {
      "name": "CVE-2023-32233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
    },
    {
      "name": "CVE-2023-38039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
    },
    {
      "name": "CVE-2023-29409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
    },
    {
      "name": "CVE-2023-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2023-1611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1611"
    },
    {
      "name": "CVE-2023-28486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
    },
    {
      "name": "CVE-2024-24920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24920"
    },
    {
      "name": "CVE-2023-3268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3268"
    },
    {
      "name": "CVE-2023-0361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
    },
    {
      "name": "CVE-2023-27537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
    },
    {
      "name": "CVE-2023-45623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45623"
    },
    {
      "name": "CVE-2023-32002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32002"
    },
    {
      "name": "CVE-2022-4900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4900"
    },
    {
      "name": "CVE-2023-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
    },
    {
      "name": "CVE-2022-48303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    },
    {
      "name": "CVE-2023-28450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28450"
    }
  ],
  "initial_release_date": "2024-02-13T00:00:00",
  "last_revision_date": "2024-02-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0119",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune \u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-000072 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-602936 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-647068 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-647068.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-943925 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-753746 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-753746.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-806742 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-806742.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-580228 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-580228.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-716164 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-716164.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-797296 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-797296.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-108696 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-108696.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-871717 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-516818 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-516818.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-017796 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-543502 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-543502.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-665034 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-665034.html"
    }
  ]
}

CVE-2023-0330

Vulnerability from fstec - Published: 16.01.2023

Title

Уязвимость компонента lsi53c895a.c эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость компонента lsi53c895a.c эмулятора аппаратного обеспечения QEMU связана с записью за границами буфера. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», АО «ИВК», АО «НТЦ ИТ РОСА», Fabrice Bellard, АО "НППКТ"

Software Name

Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Альт 8 СП (запись в едином реестре российских программ №4305), РОСА ХРОМ (запись в едином реестре российских программ №1607), QEMU, АЛЬТ СП 10, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (Альт 8 СП), 12.4 (РОСА ХРОМ), до 8.0.1 (QEMU), от 7.2.0 до 7.2.3 (QEMU), - (АЛЬТ СП 10), до 2.11 (ОСОН ОСнова Оnyx)

Possible Mitigations

Для QEMU: использование рекомендаций производителя: https://gitlab.com/qemu-project/qemu/-/issues/1563 Для Debian: использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2023-0330 Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47 Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для операционной системы РОСА ХРОМ:https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2302 Для ОСОН ОСнова Оnyx (2.11): Обновление программного обеспечения qemu до версии 1:7.2+dfsg-7+deb12u5osnova1 Для ОС Astra Linux Special Edition 1.7: обновить пакет qemu до 1:7.2+dfsg-1.astra.se4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17 Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства

Reference

https://gitlab.com/qemu-project/qemu/-/commit/e49884a90987744ddb54b2fadc770633eb6a4d62 https://gitlab.com/qemu-project/qemu/-/issues/1563 https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html https://nvd.nist.gov/vuln/detail/CVE-2023-0330 https://security-tracker.debian.org/tracker/CVE-2023-0330 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47 https://altsp.su/obnovleniya-bezopasnosti/ http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2302 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.11/ https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:M/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, Fabrice Bellard, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), \u0434\u043e 8.0.1 (QEMU), \u043e\u0442 7.2.0 \u0434\u043e 7.2.3 (QEMU), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), \u0434\u043e 2.11 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f QEMU:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://gitlab.com/qemu-project/qemu/-/issues/1563\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2023-0330\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c:https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2302\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (2.11):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f qemu \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:7.2+dfsg-7+deb12u5osnova1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 qemu \u0434\u043e 1:7.2+dfsg-1.astra.se4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.01.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "14.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.08.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-04834",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-0330",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), QEMU, \u0410\u041b\u042c\u0422 \u0421\u041f 10, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.11  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 lsi53c895a.c \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f QEMU, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 lsi53c895a.c \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f QEMU \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://gitlab.com/qemu-project/qemu/-/commit/e49884a90987744ddb54b2fadc770633eb6a4d62\nhttps://gitlab.com/qemu-project/qemu/-/issues/1563\nhttps://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0330\nhttps://security-tracker.debian.org/tracker/CVE-2023-0330\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2302\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.11/\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)"
}

GSD-2023-0330

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

Aliases

CVE-2023-0330

Aliases

CVE-2023-0330

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-0330",
    "id": "GSD-2023-0330",
    "references": [
      "https://www.suse.com/security/cve/CVE-2023-0330.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-0330"
      ],
      "details": "A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.",
      "id": "GSD-2023-0330",
      "modified": "2023-12-13T01:20:23.220480Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "patrick@puiterwijk.org",
        "ID": "CVE-2023-0330",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Zheyu Ma for reporting this issue."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-121",
                "lang": "eng",
                "value": "Stack-based Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/security/cve/CVE-2023-0330",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2023-0330"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
          },
          {
            "name": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html",
            "refsource": "MISC",
            "url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "72474BA6-A129-4FF4-AFC2-4FA8E2C41522",
                    "versionEndExcluding": "7.2.3",
                    "versionStartIncluding": "7.2.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:qemu:qemu:8.0.0:-:*:*:*:*:*:*",
                    "matchCriteriaId": "A4811446-5D11-4E60-ACF6-13032588117D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc0:*:*:*:*:*:*",
                    "matchCriteriaId": "FEDCD75C-FA8E-4128-955B-E1492B0C384A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc1:*:*:*:*:*:*",
                    "matchCriteriaId": "62E291F3-5469-433B-A725-A1A4C421C55E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc2:*:*:*:*:*:*",
                    "matchCriteriaId": "73834774-A560-43C5-B1D5-F9F37B81B423",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc3:*:*:*:*:*:*",
                    "matchCriteriaId": "71FAF71E-3DE5-4B90-92B4-12CCF74A4D69",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:qemu:qemu:8.0.0:rc4:*:*:*:*:*:*",
                    "matchCriteriaId": "0561171B-A1FB-4E6D-B6BE-DF61F7F2254E",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free."
          }
        ],
        "id": "CVE-2023-0330",
        "lastModified": "2024-04-19T14:15:07.850",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.0,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.5,
              "impactScore": 4.0,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 0.8,
              "impactScore": 4.0,
              "source": "patrick@puiterwijk.org",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-03-06T23:15:11.457",
        "references": [
          {
            "source": "patrick@puiterwijk.org",
            "url": "https://access.redhat.com/security/cve/CVE-2023-0330"
          },
          {
            "source": "patrick@puiterwijk.org",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151"
          },
          {
            "source": "patrick@puiterwijk.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
          },
          {
            "source": "patrick@puiterwijk.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html"
          }
        ],
        "sourceIdentifier": "patrick@puiterwijk.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-787"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-121"
              }
            ],
            "source": "patrick@puiterwijk.org",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-0330 (GCVE-0-2023-0330)

GHSA-FJ3C-GQ42-693W

FKIE_CVE-2023-0330

CERTFR-2024-AVI-0119

Solution

CVE-2023-0330

GSD-2023-0330

Tags

Sightings

Nomenclature