Vulnerability-Lookup

CVE-2021-28831 (GCVE-0-2021-28831)

Vulnerability from cvelistv5 – Published: 2021-03-19 04:01 – Updated: 2025-12-17 21:57

Summary

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N

CWE

Assigner

mitre

References

URL

Tags

	https://git.busybox.net/busybox/commit/?id=f25d25…	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
	https://security.gentoo.org/glsa/202105-09	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:33:34.419Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"
          },
          {
            "name": "FEDORA-2021-e82915eee1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/"
          },
          {
            "name": "FEDORA-2021-d20c8a4730",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/"
          },
          {
            "name": "FEDORA-2021-2024803354",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/"
          },
          {
            "name": "[debian-lts-announce] 20210401 [SECURITY] [DLA 2614-1] busybox security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"
          },
          {
            "name": "GLSA-202105-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202105-09"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250509-0005/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-28831",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-17T21:57:33.883493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-755",
                "description": "CWE-755 Improper Handling of Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-17T21:57:37.805Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T09:06:11.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"
        },
        {
          "name": "FEDORA-2021-e82915eee1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/"
        },
        {
          "name": "FEDORA-2021-d20c8a4730",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/"
        },
        {
          "name": "FEDORA-2021-2024803354",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/"
        },
        {
          "name": "[debian-lts-announce] 20210401 [SECURITY] [DLA 2614-1] busybox security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"
        },
        {
          "name": "GLSA-202105-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202105-09"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-28831",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd",
              "refsource": "MISC",
              "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"
            },
            {
              "name": "FEDORA-2021-e82915eee1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/"
            },
            {
              "name": "FEDORA-2021-d20c8a4730",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/"
            },
            {
              "name": "FEDORA-2021-2024803354",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/"
            },
            {
              "name": "[debian-lts-announce] 20210401 [SECURITY] [DLA 2614-1] busybox security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"
            },
            {
              "name": "GLSA-202105-09",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202105-09"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-28831",
    "datePublished": "2021-03-19T04:01:54.000Z",
    "dateReserved": "2021-03-19T00:00:00.000Z",
    "dateUpdated": "2025-12-17T21:57:37.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/\", \"name\": \"FEDORA-2021-e82915eee1\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/\", \"name\": \"FEDORA-2021-d20c8a4730\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/\", \"name\": \"FEDORA-2021-2024803354\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html\", \"name\": \"[debian-lts-announce] 20210401 [SECURITY] [DLA 2614-1] busybox security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202105-09\", \"name\": \"GLSA-202105-09\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250509-0005/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:33:34.419Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-28831\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-17T21:57:33.883493Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-755\", \"description\": \"CWE-755 Improper Handling of Exceptional Conditions\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-17T21:57:24.800Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/\", \"name\": \"FEDORA-2021-e82915eee1\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/\", \"name\": \"FEDORA-2021-d20c8a4730\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/\", \"name\": \"FEDORA-2021-2024803354\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html\", \"name\": \"[debian-lts-announce] 20210401 [SECURITY] [DLA 2614-1] busybox security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://security.gentoo.org/glsa/202105-09\", \"name\": \"GLSA-202105-09\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2021-05-26T09:06:11.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"attackVector\": \"NETWORK\", \"vectorString\": \"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd\", \"name\": \"https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd\", \"refsource\": \"MISC\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/\", \"name\": \"FEDORA-2021-e82915eee1\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/\", \"name\": \"FEDORA-2021-d20c8a4730\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/\", \"name\": \"FEDORA-2021-2024803354\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html\", \"name\": \"[debian-lts-announce] 20210401 [SECURITY] [DLA 2614-1] busybox security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://security.gentoo.org/glsa/202105-09\", \"name\": \"GLSA-202105-09\", \"refsource\": \"GENTOO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-28831\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-28831\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-17T21:57:37.805Z\", \"dateReserved\": \"2021-03-19T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2021-03-19T04:01:54.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2023-AVI-0453

Vulnerability from certfr_avis - Published: 2023-06-13 - Updated: 2023-06-14

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SINAMICS GL150 versions antérieures à 7.2
Siemens	N/A	Teamcenter Visualization versions 13.3.x antérieures à 13.3.0.10
Siemens	N/A	SIMOTION D425-2 DP (6AU1425-2AA00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05
Siemens	N/A	POWER METER SICAM Q200 family versions antérieures à 2.70
Siemens	N/A	SIMATIC NET PC Software V15 toutes versions
Siemens	N/A	SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA1) toutes versions
Siemens	N/A	SIMOTION D410-2 DP (6AU1410-2AA00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMATIC STEP 7 V5 versions antérieures à 5.7
Siemens	N/A	SIMOTION C240 (6AU1240-1AA00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMATIC S7-1500 TM MFP - Linux Kernel
Siemens	N/A	SINAUT Software ST7sc toutes versions
Siemens	N/A	SIMOTION P320-4 E (6AU1320-4DE65-3AF0) toutes versions
Siemens	N/A	Teamcenter Visualization versions 14.0.x antérieures à 14.0.0.6
Siemens	N/A	SIMOTION C240 PN (6AU1240-1AB00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMATIC NET PC Software V14 toutes versions
Siemens	N/A	SIMATIC PCS 7 V9.0 toutes versions
Siemens	N/A	SIMATIC PCS 7 V9.1 toutes versions
Siemens	N/A	SIMATIC S7-1500 TM MFP - BIOS
Siemens	N/A	SIMOTION D435-2 DP/PN (6AU1435-2AD00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SINAMICS SL150 versions antérieures à 7.2
Siemens	N/A	SINAMICS PERFECT HARMONY GH180 6SR5 versions antérieures à 7.2
Siemens	N/A	Teamcenter Visualization versions 13.2.x antérieures à 13.2.0.13
Siemens	N/A	SIMOTION D435-2 DP (6AU1435-2AA00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMOTION P320-4 S (6AU1320-4DS66-3AG0) toutes versions
Siemens	N/A	SIMATIC WinCC versions antérieures à 8.0
Siemens	N/A	Teamcenter Visualization versions 14.2.x antérieures à 14.2.0.3
Siemens	N/A	les contrôlleurs Desigo PX, se référer au bulletin ssa-824231 de l'éditeur pour la liste complète des versions affectées
Siemens	N/A	SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMATIC S7-PM toutes versions
Siemens	N/A	Solid Edge SE2023 versions antérieures à 223.0 Update 5
Siemens	N/A	JT2Go versions antérieures à 14.1.0.4
Siemens	N/A	SIMOTION D455-2 DP/PN (6AU1455-2AD00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMOTION D410-2 DP/PN (6AU1410-2AD00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	Teamcenter Visualization versions 14.1.x antérieures à 14.1.0.8
Siemens	N/A	CP-8031 MASTER MODULE (6MF2803-1AA00) versions antérieures à CPCI85 V05
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) versions 14 à 18
Siemens	N/A	SIMATIC PCS 7 toutes versions
Siemens	N/A	SIMOTION D425-2 DP/PN (6AU1425-2AD00-0AA0) versions antérieures à 5.5 SP1

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-975766 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-042050 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-731916 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-914026 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-794697 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-538795 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-831302 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-482956 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-508677 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-968170 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-824231 du 24 janvier 2018	None	vendor-advisory
Bulletin de sécurité Siemens ssa-942865 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-887249 du 13 juin 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SINAMICS GL150 versions ant\u00e9rieures \u00e0 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions 13.3.x ant\u00e9rieures \u00e0 13.3.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D425-2 DP (6AU1425-2AA00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q200 family versions ant\u00e9rieures \u00e0 2.70",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V15 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA1) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D410-2 DP (6AU1410-2AA00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V5 versions ant\u00e9rieures \u00e0 5.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION C240 (6AU1240-1AA00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 TM MFP - Linux Kernel",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAUT Software ST7sc toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4 E (6AU1320-4DE65-3AF0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions 14.0.x ant\u00e9rieures \u00e0 14.0.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION C240 PN (6AU1240-1AB00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V14 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V9.0 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V9.1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 TM MFP - BIOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D435-2 DP/PN (6AU1435-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS SL150 versions ant\u00e9rieures \u00e0 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS PERFECT HARMONY GH180 6SR5 versions ant\u00e9rieures \u00e0 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions 13.2.x ant\u00e9rieures \u00e0 13.2.0.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D435-2 DP (6AU1435-2AA00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4 S (6AU1320-4DS66-3AG0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC versions ant\u00e9rieures \u00e0 8.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions 14.2.x ant\u00e9rieures \u00e0 14.2.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "les contr\u00f4lleurs Desigo PX, se r\u00e9f\u00e9rer au bulletin ssa-824231 de l\u0027\u00e9diteur pour la liste compl\u00e8te des versions affect\u00e9es",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PM toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Solid Edge SE2023 versions ant\u00e9rieures \u00e0 223.0 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go versions ant\u00e9rieures \u00e0 14.1.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D455-2 DP/PN (6AU1455-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D410-2 DP/PN (6AU1410-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions 14.1.x ant\u00e9rieures \u00e0 14.1.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8031 MASTER MODULE (6MF2803-1AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) versions 14 \u00e0 18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D425-2 DP/PN (6AU1425-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-25013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
    },
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2021-42384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
    },
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2021-42378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
    },
    {
      "name": "CVE-2022-39190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39190"
    },
    {
      "name": "CVE-2022-42720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42720"
    },
    {
      "name": "CVE-2021-42382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
    },
    {
      "name": "CVE-2022-47520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47520"
    },
    {
      "name": "CVE-2021-38604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
    },
    {
      "name": "CVE-2022-21233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21233"
    },
    {
      "name": "CVE-2021-42376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42376"
    },
    {
      "name": "CVE-2022-3633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3633"
    },
    {
      "name": "CVE-2021-28831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28831"
    },
    {
      "name": "CVE-2023-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2020-29562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
    },
    {
      "name": "CVE-2022-20421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20421"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2018-4834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4834"
    },
    {
      "name": "CVE-2022-32296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32296"
    },
    {
      "name": "CVE-2022-47929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
    },
    {
      "name": "CVE-2022-3628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
    },
    {
      "name": "CVE-2021-42373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42373"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2021-42377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42377"
    },
    {
      "name": "CVE-2022-42329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
    },
    {
      "name": "CVE-2021-3998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3998"
    },
    {
      "name": "CVE-2023-23455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
    },
    {
      "name": "CVE-2020-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
    },
    {
      "name": "CVE-2022-42703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
    },
    {
      "name": "CVE-2022-47518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47518"
    },
    {
      "name": "CVE-2023-31238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31238"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2021-42386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
    },
    {
      "name": "CVE-2022-42895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
    },
    {
      "name": "CVE-2023-33919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33919"
    },
    {
      "name": "CVE-2022-43750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
    },
    {
      "name": "CVE-2022-21166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
    },
    {
      "name": "CVE-2022-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
    },
    {
      "name": "CVE-2022-3169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3169"
    },
    {
      "name": "CVE-2022-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
    },
    {
      "name": "CVE-2021-42380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42380"
    },
    {
      "name": "CVE-2023-33920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33920"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2023-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
    },
    {
      "name": "CVE-2022-4662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4662"
    },
    {
      "name": "CVE-2021-42374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
    },
    {
      "name": "CVE-2023-33124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33124"
    },
    {
      "name": "CVE-2022-43545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43545"
    },
    {
      "name": "CVE-2022-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
    },
    {
      "name": "CVE-2022-3534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3534"
    },
    {
      "name": "CVE-2022-36280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
    },
    {
      "name": "CVE-2022-4129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
    },
    {
      "name": "CVE-2022-41218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
    },
    {
      "name": "CVE-2023-26495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26495"
    },
    {
      "name": "CVE-2022-34918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34918"
    },
    {
      "name": "CVE-2022-20572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20572"
    },
    {
      "name": "CVE-2022-41849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
    },
    {
      "name": "CVE-2022-42432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42432"
    },
    {
      "name": "CVE-2022-42896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
    },
    {
      "name": "CVE-2023-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0179"
    },
    {
      "name": "CVE-2022-47946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47946"
    },
    {
      "name": "CVE-2021-33655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33655"
    },
    {
      "name": "CVE-2022-2602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2602"
    },
    {
      "name": "CVE-2022-1462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
    },
    {
      "name": "CVE-2023-25910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25910"
    },
    {
      "name": "CVE-2023-33921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33921"
    },
    {
      "name": "CVE-2022-4095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4095"
    },
    {
      "name": "CVE-2022-2585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2585"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2022-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
    },
    {
      "name": "CVE-2022-2078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2078"
    },
    {
      "name": "CVE-2022-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1184"
    },
    {
      "name": "CVE-2022-41222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41222"
    },
    {
      "name": "CVE-2022-2663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
    },
    {
      "name": "CVE-2022-2586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
    },
    {
      "name": "CVE-2022-28391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28391"
    },
    {
      "name": "CVE-2023-26607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26607"
    },
    {
      "name": "CVE-2022-3649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
    },
    {
      "name": "CVE-2022-3545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
    },
    {
      "name": "CVE-2020-10029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
    },
    {
      "name": "CVE-2022-42719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42719"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2021-42379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
    },
    {
      "name": "CVE-2021-20269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20269"
    },
    {
      "name": "CVE-2021-3999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
    },
    {
      "name": "CVE-2021-3759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3759"
    },
    {
      "name": "CVE-2023-23559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23559"
    },
    {
      "name": "CVE-2022-3524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
    },
    {
      "name": "CVE-2022-32250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
    },
    {
      "name": "CVE-2022-2274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2274"
    },
    {
      "name": "CVE-2018-13405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13405"
    },
    {
      "name": "CVE-2022-39188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
    },
    {
      "name": "CVE-2021-42381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42381"
    },
    {
      "name": "CVE-2022-21505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21505"
    },
    {
      "name": "CVE-2022-36123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36123"
    },
    {
      "name": "CVE-2022-3586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3586"
    },
    {
      "name": "CVE-2021-4037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4037"
    },
    {
      "name": "CVE-2022-41850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
    },
    {
      "name": "CVE-2022-2978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2978"
    },
    {
      "name": "CVE-2022-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3646"
    },
    {
      "name": "CVE-2022-3625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3625"
    },
    {
      "name": "CVE-2022-42328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
    },
    {
      "name": "CVE-2022-3565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
    },
    {
      "name": "CVE-2023-33122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33122"
    },
    {
      "name": "CVE-2022-42721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42721"
    },
    {
      "name": "CVE-2022-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
    },
    {
      "name": "CVE-2022-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0547"
    },
    {
      "name": "CVE-2022-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
    },
    {
      "name": "CVE-2022-43398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43398"
    },
    {
      "name": "CVE-2022-1012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1012"
    },
    {
      "name": "CVE-2022-3115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3115"
    },
    {
      "name": "CVE-2021-42383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42383"
    },
    {
      "name": "CVE-2023-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1095"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2022-0171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0171"
    },
    {
      "name": "CVE-2022-26373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
    },
    {
      "name": "CVE-2022-2905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2905"
    },
    {
      "name": "CVE-2022-20422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20422"
    },
    {
      "name": "CVE-2023-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2022-3594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
    },
    {
      "name": "CVE-2022-36946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36946"
    },
    {
      "name": "CVE-2022-3303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3303"
    },
    {
      "name": "CVE-2016-10228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10228"
    },
    {
      "name": "CVE-2021-42385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
    },
    {
      "name": "CVE-2022-23308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
    },
    {
      "name": "CVE-2022-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
    },
    {
      "name": "CVE-2022-36879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
    },
    {
      "name": "CVE-2022-23218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
    },
    {
      "name": "CVE-2023-27465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27465"
    },
    {
      "name": "CVE-2022-3629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3629"
    },
    {
      "name": "CVE-2023-33121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33121"
    },
    {
      "name": "CVE-2022-2959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2959"
    },
    {
      "name": "CVE-2023-28829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28829"
    },
    {
      "name": "CVE-2022-2588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
    },
    {
      "name": "CVE-2022-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2023-1077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1077"
    },
    {
      "name": "CVE-2021-35942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
    },
    {
      "name": "CVE-2023-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
    },
    {
      "name": "CVE-2023-30757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30757"
    },
    {
      "name": "CVE-2021-33574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
    },
    {
      "name": "CVE-2022-42722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42722"
    },
    {
      "name": "CVE-2021-3326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
    },
    {
      "name": "CVE-2022-20566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20566"
    },
    {
      "name": "CVE-2022-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2327"
    },
    {
      "name": "CVE-2022-1199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1199"
    },
    {
      "name": "CVE-2022-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3621"
    },
    {
      "name": "CVE-2022-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
    },
    {
      "name": "CVE-2022-3606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3606"
    },
    {
      "name": "CVE-2022-1852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1852"
    },
    {
      "name": "CVE-2021-27645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
    },
    {
      "name": "CVE-2022-40768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40768"
    },
    {
      "name": "CVE-2022-4139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
    },
    {
      "name": "CVE-2022-3521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
    },
    {
      "name": "CVE-2022-3104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3104"
    },
    {
      "name": "CVE-2021-42375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42375"
    },
    {
      "name": "CVE-2022-2503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2503"
    },
    {
      "name": "CVE-2022-3028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
    },
    {
      "name": "CVE-2023-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
    },
    {
      "name": "CVE-2023-30897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30897"
    },
    {
      "name": "CVE-2022-40307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40307"
    },
    {
      "name": "CVE-2020-27618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
    },
    {
      "name": "CVE-2022-23219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
    },
    {
      "name": "CVE-2022-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
    },
    {
      "name": "CVE-2022-41674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41674"
    },
    {
      "name": "CVE-2022-1882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1882"
    },
    {
      "name": "CVE-2022-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3635"
    },
    {
      "name": "CVE-2022-43439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43439"
    },
    {
      "name": "CVE-2023-33123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33123"
    },
    {
      "name": "CVE-2023-30901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30901"
    },
    {
      "name": "CVE-2022-43546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43546"
    },
    {
      "name": "CVE-2022-2153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2153"
    }
  ],
  "initial_release_date": "2023-06-13T00:00:00",
  "last_revision_date": "2023-06-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0453",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-13T00:00:00.000000"
    },
    {
      "description": "Modification de la date du bulletin de s\u00e9curit\u00e9 ssa-824231.",
      "revision_date": "2023-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-975766 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-975766.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-042050 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-042050.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-731916 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-731916.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-914026 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-914026.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-794697 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-538795 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-538795.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-831302 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-831302.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-482956 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-482956.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-508677 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-508677.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-968170 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-968170.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-824231 du 24 janvier 2018",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-824231.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-942865 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-942865.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-887249 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-887249.html"
    }
  ]
}

CERTFR-2024-AVI-0389

Vulnerability from certfr_avis - Published: 2024-05-14 - Updated: 2024-05-14

De multiples vulnérabilités ont été découvertes dans les produits Belden. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Belden	N/A	Hirschmann OWL 3G versions antérieures à 6.3.7
Belden	N/A	Hirschmann OWL LTE M12 versions antérieures à 6.3.7
Belden	N/A	Hirschmann OWL LTE versions antérieures à 6.3.7
Belden	N/A	Hirschmann BAT-C2 versions antérieures à 9.13.1.0R2

References

Title

Publication Time

Tags

Bulletin de sécurité Belden BSECV-2022-17_1v0

2024-05-13

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Hirschmann OWL 3G versions ant\u00e9rieures \u00e0 6.3.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Belden",
          "scada": true
        }
      }
    },
    {
      "description": "Hirschmann OWL LTE M12 versions ant\u00e9rieures \u00e0 6.3.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Belden",
          "scada": true
        }
      }
    },
    {
      "description": "Hirschmann OWL LTE versions ant\u00e9rieures \u00e0 6.3.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Belden",
          "scada": true
        }
      }
    },
    {
      "description": "Hirschmann BAT-C2 versions ant\u00e9rieures \u00e0 9.13.1.0R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Belden",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-28831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28831"
    },
    {
      "name": "CVE-2022-28391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28391"
    },
    {
      "name": "CVE-2022-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
    }
  ],
  "initial_release_date": "2024-05-14T00:00:00",
  "last_revision_date": "2024-05-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0389",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-05-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nBelden. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Belden",
  "vendor_advisories": [
    {
      "published_at": "2024-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Belden BSECV-2022-17_1v0",
      "url": "https://assets.belden.com/m/118aa564206e89d4/original/Belden_Security_Bulletin_BSECV-2022-17_1v0.pdf"
    }
  ]
}

CERTFR-2024-AVI-0297

Vulnerability from certfr_avis - Published: 2024-04-11 - Updated: 2024-04-11

De multiples vulnérabilités ont été découvertes dans Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cloud Native Router versions antérieures à 23.4
cRPD versions antérieures à 23.4R1
Paragon Active Assurance versions antérieures à 4.2.1
Paragon Active Assurance versions antérieures à 4.3.0
Junos OS gamme EX4300 versions antérieures à 20.4R3-S10, 21.2R3-S7 et 21.4R3-S6
Junos OS gammes QFX5000 Series, EX4400 Series, EX4100 Series et EX4650 Series versions antérieures à 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1
Junos OS gammes SRX Branch Series versions antérieures à 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R2-S2, 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2 et 23.2R1
Junos OS gammes MX Series avec SPC3 et MS-MPC versions antérieures à 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1
Junos OS gamme SRX 5000 Series avec SPC2 versions antérieures à 21.2R3-S7, 21.4, 22.1, 22.2, 22.3, 22.4 et 23.2
Junos OS gammes MX Series versions antérieures à 20.4R3-S5, 21.1, 21.2R3-S1, 21.3, 21.4R3, 22.1R2, 22.2R2 et 22.3
Junos OS gamme EX9200-15C versions antérieures à 21.2R3-S1, 21.4R3, 22.1R2 et 22.2R2
Junos OS gammes SRX4600 versions antérieures à 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2 et 23.4R1
Junos OS gammes ACX5448 et ACX710 versions antérieures à 20.4R3-S9, 21.2R3-S5, 21.3R3-S5, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2 et 23.2R1
Junos OS versions antérieures à 20.4R3-S9, 21.1R3, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S2, 22.4R3 et 23.4R2
Junos OS Evolved versions antérieures à 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO et 23.4R1-EVO

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA79102 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79106 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79181 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79186 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79089 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79173 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79104 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79094 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79183 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79176 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79179 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79187 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79109 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79171 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79188 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79099 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79184 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79110 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79174 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79095 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79100 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79107 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79092 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79185 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79108 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79091 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79180 du 10 avril 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eCloud Native Router versions ant\u00e9rieures \u00e0 23.4\u003c/li\u003e \u003cli\u003ecRPD versions ant\u00e9rieures \u00e0 23.4R1\u003c/li\u003e \u003cli\u003eParagon Active Assurance versions ant\u00e9rieures \u00e0 4.2.1\u003c/li\u003e \u003cli\u003eParagon Active Assurance versions ant\u00e9rieures \u00e0 4.3.0\u003c/li\u003e \u003cli\u003eJunos OS gamme EX4300 versions ant\u00e9rieures \u00e0 20.4R3-S10, 21.2R3-S7 et 21.4R3-S6\u003c/li\u003e \u003cli\u003eJunos OS gammes QFX5000 Series, EX4400 Series, EX4100 Series et EX4650 Series versions ant\u00e9rieures \u00e0 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS gammes SRX Branch Series versions ant\u00e9rieures \u00e0 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R2-S2, 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS gammes MX Series avec SPC3 et MS-MPC versions ant\u00e9rieures \u00e0 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS gamme SRX 5000 Series avec SPC2 versions ant\u00e9rieures \u00e0 21.2R3-S7, 21.4, 22.1, 22.2, 22.3, 22.4 et 23.2\u003c/li\u003e \u003cli\u003eJunos OS gammes\u00a0MX Series versions ant\u00e9rieures \u00e0 20.4R3-S5, 21.1, 21.2R3-S1, 21.3, 21.4R3, 22.1R2, 22.2R2 et 22.3\u003c/li\u003e \u003cli\u003eJunos OS gamme EX9200-15C versions ant\u00e9rieures \u00e0 21.2R3-S1, 21.4R3, 22.1R2 et 22.2R2\u003c/li\u003e \u003cli\u003eJunos OS gammes\u00a0SRX4600 versions ant\u00e9rieures \u00e0 21.2R3-S7,\u00a021.4R3-S6,\u00a022.1R3-S5,\u00a022.2R3-S3,\u00a022.3R3-S2,\u00a022.4R3,\u00a023.2R1-S2, 23.2R2 et 23.4R1\u003c/li\u003e \u003cli\u003eJunos OS gammes\u00a0ACX5448 et ACX710 versions ant\u00e9rieures \u00e0 20.4R3-S9, 21.2R3-S5, 21.3R3-S5, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS versions ant\u00e9rieures \u00e0 20.4R3-S9, 21.1R3, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S2, 22.4R3 et 23.4R2\u003c/li\u003e \u003cli\u003e \u003cdiv\u003e \u003cdiv\u003e \u003cp\u003eJunos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO et 23.4R1-EVO\u003c/p\u003e \u003c/div\u003e \u003c/div\u003e \u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2021-37600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
    },
    {
      "name": "CVE-2024-30381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30381"
    },
    {
      "name": "CVE-2023-46218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
    },
    {
      "name": "CVE-2020-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
    },
    {
      "name": "CVE-2024-30401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30401"
    },
    {
      "name": "CVE-2021-28831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28831"
    },
    {
      "name": "CVE-2024-30409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30409"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2020-14343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2022-48554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
    },
    {
      "name": "CVE-2023-39975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39975"
    },
    {
      "name": "CVE-2024-30410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30410"
    },
    {
      "name": "CVE-2018-7738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7738"
    },
    {
      "name": "CVE-2022-48522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
    },
    {
      "name": "CVE-2020-8285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
    },
    {
      "name": "CVE-2021-28957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28957"
    },
    {
      "name": "CVE-2024-30380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30380"
    },
    {
      "name": "CVE-2023-41913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41913"
    },
    {
      "name": "CVE-2024-30392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30392"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2021-23240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23240"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2011-1676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1676"
    },
    {
      "name": "CVE-2020-8037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8037"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2020-19190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19190"
    },
    {
      "name": "CVE-2024-30391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30391"
    },
    {
      "name": "CVE-2020-8286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
    },
    {
      "name": "CVE-2023-2253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-30389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30389"
    },
    {
      "name": "CVE-2023-29491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29491"
    },
    {
      "name": "CVE-2023-3592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3592"
    },
    {
      "name": "CVE-2020-19187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19187"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2019-9923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9923"
    },
    {
      "name": "CVE-2021-39534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39534"
    },
    {
      "name": "CVE-2023-5981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2024-30398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30398"
    },
    {
      "name": "CVE-2021-22947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
    },
    {
      "name": "CVE-2018-1000120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2019-17041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
    },
    {
      "name": "CVE-2020-19188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19188"
    },
    {
      "name": "CVE-2020-19186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19186"
    },
    {
      "name": "CVE-2021-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
    },
    {
      "name": "CVE-2020-25659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25659"
    },
    {
      "name": "CVE-2021-39531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39531"
    },
    {
      "name": "CVE-2020-8284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
    },
    {
      "name": "CVE-2023-23915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
    },
    {
      "name": "CVE-2011-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1675"
    },
    {
      "name": "CVE-2023-28366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28366"
    },
    {
      "name": "CVE-2024-30378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30378"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2021-34434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34434"
    },
    {
      "name": "CVE-2016-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
    },
    {
      "name": "CVE-2023-1428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1428"
    },
    {
      "name": "CVE-2023-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
    },
    {
      "name": "CVE-2024-30402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30402"
    },
    {
      "name": "CVE-2018-1000215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000215"
    },
    {
      "name": "CVE-2023-23914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
    },
    {
      "name": "CVE-2019-17042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
    },
    {
      "name": "CVE-2024-30403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30403"
    },
    {
      "name": "CVE-2021-36159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36159"
    },
    {
      "name": "CVE-2018-1000654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
    },
    {
      "name": "CVE-2023-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
    },
    {
      "name": "CVE-2022-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
    },
    {
      "name": "CVE-2021-30139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30139"
    },
    {
      "name": "CVE-2024-30384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30384"
    },
    {
      "name": "CVE-2023-2603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
    },
    {
      "name": "CVE-2024-30387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30387"
    },
    {
      "name": "CVE-2017-18018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18018"
    },
    {
      "name": "CVE-2024-30406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30406"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2023-32732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
    },
    {
      "name": "CVE-2024-30394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30394"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2022-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
    },
    {
      "name": "CVE-2024-30407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30407"
    },
    {
      "name": "CVE-2020-36242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
    },
    {
      "name": "CVE-2023-4785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4785"
    },
    {
      "name": "CVE-2020-22916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2020-27350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27350"
    },
    {
      "name": "CVE-2023-36054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
    },
    {
      "name": "CVE-2021-39533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39533"
    },
    {
      "name": "CVE-2024-30390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30390"
    },
    {
      "name": "CVE-2020-19185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19185"
    },
    {
      "name": "CVE-2023-0809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0809"
    },
    {
      "name": "CVE-2021-20193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20193"
    },
    {
      "name": "CVE-2023-4806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
    },
    {
      "name": "CVE-2016-2781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
    },
    {
      "name": "CVE-2020-19189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
    },
    {
      "name": "CVE-2023-32731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
    },
    {
      "name": "CVE-2023-49083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
    },
    {
      "name": "CVE-2024-30388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30388"
    },
    {
      "name": "CVE-2019-18276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
    },
    {
      "name": "CVE-2024-30386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30386"
    },
    {
      "name": "CVE-2021-33560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33560"
    },
    {
      "name": "CVE-2011-1677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1677"
    },
    {
      "name": "CVE-2018-20225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
    },
    {
      "name": "CVE-2020-28928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28928"
    },
    {
      "name": "CVE-2021-41039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41039"
    },
    {
      "name": "CVE-2024-30382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30382"
    },
    {
      "name": "CVE-2018-20482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20482"
    },
    {
      "name": "CVE-2021-40528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40528"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2020-28493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
    },
    {
      "name": "CVE-2020-27783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
    },
    {
      "name": "CVE-2018-1000122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    },
    {
      "name": "CVE-2024-30405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30405"
    },
    {
      "name": "CVE-2024-30397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30397"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    },
    {
      "name": "CVE-2024-30395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30395"
    }
  ],
  "initial_release_date": "2024-04-11T00:00:00",
  "last_revision_date": "2024-04-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0297",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79102 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-libslax-Multiple-vulnerabilities-in-libslax-resolved?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79106 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Juniper-Cloud-Native-Router-Multiple-vulnerabilities-resolved-in-23-4-release?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79181 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-When-MAC-learning-happens-and-an-interface-gets-flapped-the-PFE-crashes-CVE-2024-30403?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79186 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-If-a-specific-CLI-command-is-issued-PFE-crashes-will-occur-CVE-2024-30384?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79089 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX-Series-Specific-malformed-LACP-packets-will-cause-flaps-CVE-2024-30388?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79173 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Paragon-Active-Assurance-probe-serviced-exposes-internal-objects-to-local-users-CVE-2024-30381?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79104 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-ACX-Series-with-Paragon-Active-Assurance-Test-Agent-A-local-high-privileged-attacker-can-recover-other-administrators-credentials-CVE-2024-30406?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79094 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-A-specific-EVPN-type-5-route-causes-rpd-crash-CVE-2024-30394?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79183 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-Connection-limits-is-not-being-enforced-while-the-resp-rate-limit-is-being-enforced-CVE-2024-30390?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79176 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX4600-Series-A-high-amount-of-specific-traffic-causes-packet-drops-and-an-eventual-PFE-crash-CVE-2024-30398?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79179 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-An-invalid-certificate-causes-a-Denial-of-Service-in-the-Internet-Key-Exchange-IKE-process-CVE-2024-30397?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79187 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-ACX5448-ACX710-Due-to-the-interface-flaps-the-PFE-process-can-crash-CVE-2024-30387?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79109 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-bbe-smgd-process-crash-upon-execution-of-specific-CLI-commands-CVE-2024-30378?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79171 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-l2cpd-crash-upon-receipt-of-a-specific-TLV-CVE-2024-30380?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79188 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-SRX-Series-When-IPsec-authentication-is-configured-with-hmac-sha-384-and-hmac-sha-512-no-authentication-of-traffic-is-performed-CVE-2024-30391?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79099 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Higher-CPU-consumption-on-routing-engine-leads-to-Denial-of-Service-DoS-CVE-2024-30409?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79184 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-EVPN-VXLAN-scenario-state-changes-on-adjacent-systems-can-cause-an-l2ald-process-crash-CVE-2024-30386?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79110 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-15C-Stack-based-buffer-overflow-in-aftman-CVE-2024-30401?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79174 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-RPD-crash-when-CoS-based-forwarding-CBF-policy-is-configured-CVE-2024-30382?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79095 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-BGP-tunnel-encapsulation-attribute-will-lead-to-an-rpd-crash-CVE-2024-30395?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79100 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-Loopback-filter-not-blocking-traffic-despite-having-discard-term-CVE-2024-30410?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79107 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-cRPD-Multiple-vulnerabilities-resolved-in-23-4R1-release?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79092 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-MS-MPC-MIC-When-URL-filtering-is-enabled-and-a-specific-URL-request-is-received-a-flowd-crash-occurs-CVE-2024-30392?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79185 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-Firewall-filter-not-blocking-egress-traffic-CVE-2024-30389?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79108 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-cURL-vulnerabilities-resolved?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79091 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-Branch-Series-When-DNS-proxy-is-configured-and-specific-DNS-queries-are-received-resolver-s-performance-is-degraded-CVE-2022-2795?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79180 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-l2ald-crashes-on-receiving-telemetry-messages-from-a-specific-subscription-CVE-2024-30402?language=en_US"
    }
  ]
}

GSD-2021-28831

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

Aliases

CVE-2021-28831

Aliases

CVE-2021-28831

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-28831",
    "description": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",
    "id": "GSD-2021-28831",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-28831.html",
      "https://ubuntu.com/security/CVE-2021-28831",
      "https://advisories.mageia.org/CVE-2021-28831.html",
      "https://security.archlinux.org/CVE-2021-28831",
      "https://alas.aws.amazon.com/cve/html/CVE-2021-28831.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-28831"
      ],
      "details": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",
      "id": "GSD-2021-28831",
      "modified": "2023-12-13T01:23:28.699052Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-28831",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd",
            "refsource": "MISC",
            "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"
          },
          {
            "name": "FEDORA-2021-e82915eee1",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/"
          },
          {
            "name": "FEDORA-2021-d20c8a4730",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/"
          },
          {
            "name": "FEDORA-2021-2024803354",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/"
          },
          {
            "name": "[debian-lts-announce] 20210401 [SECURITY] [DLA 2614-1] busybox security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"
          },
          {
            "name": "GLSA-202105-09",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202105-09"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.32.1",
                "versionStartIncluding": "1.32.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-28831"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-755"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"
            },
            {
              "name": "FEDORA-2021-e82915eee1",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/"
            },
            {
              "name": "FEDORA-2021-d20c8a4730",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/"
            },
            {
              "name": "FEDORA-2021-2024803354",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/"
            },
            {
              "name": "[debian-lts-announce] 20210401 [SECURITY] [DLA 2614-1] busybox security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"
            },
            {
              "name": "GLSA-202105-09",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202105-09"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-05-20T20:56Z",
      "publishedDate": "2021-03-19T05:15Z"
    }
  }
}

GHSA-7W53-225R-6VXV

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2025-11-03 21:30

Details

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-28831"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-19T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",
  "id": "GHSA-7w53-225r-6vxv",
  "modified": "2025-11-03T21:30:31Z",
  "published": "2022-05-24T17:44:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28831"
    },
    {
      "type": "WEB",
      "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202105-09"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250509-0005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2021-28831

Vulnerability from fstec - Published: 03.03.2021

Title

Уязвимость реализации функции huft_free() набора UNIX-утилит командной строки BusyBox, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость реализации функции huft_free() набора UNIX-утилит командной строки BusyBox связана с недостатками обработки исключительных состояний в указателе результата huft_build. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании с помощью утилиты сжатия и восстановления файлов gzip

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», ООО «Ред Софт», Fedora Project, АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Fedora, BusyBox, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 7.2 Муром (РЕД ОС), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 32 (Fedora), 33 (Fedora), 34 (Fedora), до 1.32.1 включительно (BusyBox), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.4.3 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для BusyBox: https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd Для Ред ОС: https://redos.red-soft.ru/updatesec/ Для Debian: https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/ Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47 Для ОСОН Основа: Обновление программного обеспечения busybox до версии 1:1.30.1-7ubuntu3osnova4 Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»: обновить пакет busybox до 1:1.22.0-19+deb9u2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 Для ОС ОН «Стрелец»: Обновление программного обеспечения busybox до версии 1:1.22.0-19+deb9u2.osnova4

Reference

https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd https://redos.red-soft.ru/updatesec/ https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/ https://nvd.nist.gov/vuln/detail/CVE-2021-28831 https://www.securitylab.ru/vulnerability/517800.php https://www.cybersecurity-help.cz/vdb/SB2021032622 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4.3/ https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/

CWE

CWE-755

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Fedora Project, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 7.2 \u041c\u0443\u0440\u043e\u043c (\u0420\u0415\u0414 \u041e\u0421), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 32 (Fedora), 33 (Fedora), 34 (Fedora), \u0434\u043e 1.32.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BusyBox), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.4.3 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f BusyBox:\nhttps://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd\n\n\u0414\u043b\u044f \u0420\u0435\u0434 \u041e\u0421:\nhttps://redos.red-soft.ru/updatesec/\n\n\u0414\u043b\u044f Debian:\nhttps://lists.debian.org/debian-lts-announce/2021/04/msg00001.html\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f busybox \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:1.30.1-7ubuntu3osnova4\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 busybox \u0434\u043e 1:1.22.0-19+deb9u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f busybox \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:1.22.0-19+deb9u2.osnova4\n\n",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.04.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.05.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-02427",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-28831",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora, BusyBox, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.2 \u041c\u0443\u0440\u043e\u043c  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora Project Fedora 32 , Fedora Project Fedora 33 , Fedora Project Fedora 34 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 huft_free() \u043d\u0430\u0431\u043e\u0440\u0430 UNIX-\u0443\u0442\u0438\u043b\u0438\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 BusyBox, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0439 (CWE-755)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 huft_free() \u043d\u0430\u0431\u043e\u0440\u0430 UNIX-\u0443\u0442\u0438\u043b\u0438\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 BusyBox \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0439 \u0432 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0430 huft_build. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0441\u0436\u0430\u0442\u0438\u044f \u0438 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432 gzip",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd\nhttps://redos.red-soft.ru/updatesec/\nhttps://lists.debian.org/debian-lts-announce/2021/04/msg00001.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-28831\nhttps://www.securitylab.ru/vulnerability/517800.php\nhttps://www.cybersecurity-help.cz/vdb/SB2021032622\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4.3/\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-755",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

FKIE_CVE-2021-28831

Vulnerability from fkie_nvd - Published: 2021-03-19 05:15 - Updated: 2025-12-17 22:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

References

URL	Tags
cve@mitre.org	https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd	Mailing List, Patch, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
cve@mitre.org	https://security.gentoo.org/glsa/202105-09	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202105-09	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20250509-0005/

Impacted products

Vendor	Product	Version
busybox	busybox	*
fedoraproject	fedora	32
fedoraproject	fedora	33
fedoraproject	fedora	34
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F45843F-3E26-4DE5-B89B-E83623AB8054",
              "versionEndIncluding": "1.32.1",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data."
    },
    {
      "lang": "es",
      "value": "El archivo decompress_gunzip.c en BusyBox versiones hasta 1.32.1, maneja inapropiadamente el bit de error en el puntero de resultado de huft_build, con un fallo liberaci\u00f3n invalida o de segmentaci\u00f3n resultante, por medio de datos gzip malformados"
    }
  ],
  "id": "CVE-2021-28831",
  "lastModified": "2025-12-17T22:15:56.290",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-19T05:15:13.150",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202105-09"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202105-09"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20250509-0005/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-28831 (GCVE-0-2021-28831)

CERTFR-2023-AVI-0453

Solution

CERTFR-2024-AVI-0389

Solution

CERTFR-2024-AVI-0297

Solution

GSD-2021-28831

GHSA-7W53-225R-6VXV

CVE-2021-28831

FKIE_CVE-2021-28831

Tags

Sightings

Nomenclature